Merge pull request #358 from yunohost-bot/weblate-yunohost-moulinette

Translations update from Weblate

.github/workflows/autoblack.yml

@@ -0,0 +1,35 @@
+name: Check / auto apply Black
+on:
+  push:
+      branches:
+          - dev
+jobs:
+  black:
+    name: Check / auto apply black
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Check files using the black formatter
+        uses: psf/black@stable
+        id: black
+        with:
+          options: "."
+        continue-on-error: true
+      - shell: pwsh
+        id: check_files_changed
+        run: |
+          # Diff HEAD with the previous commit
+          $diff = git diff
+          $HasDiff = $diff.Length -gt 0
+          Write-Host "::set-output name=files_changed::$HasDiff"
+      - name: Create Pull Request
+        if: steps.check_files_changed.outputs.files_changed == 'true'
+        uses: peter-evans/create-pull-request@v6
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          title: "Format Python code with Black"
+          commit-message: ":art: Format Python code with Black"
+          body: |
+            This pull request uses the [psf/black](https://github.com/psf/black) formatter.
+          base: ${{ github.head_ref }} # Creates pull request onto pull request or commit branch
+          branch: actions/black

.github/workflows/i18n.yml

@@ -0,0 +1,29 @@
+name: Autoreformat locale files
+on:
+  push:
+      branches:
+          - dev
+jobs:
+  i18n:
+    name: Autoreformat locale files
+    runs-on: ubuntu-latest
+    steps:
+        - uses: actions/checkout@v4
+        - name: Apply reformating scripts
+          id: action_reformat
+          run: |
+              python3 test/remove_stale_i18n_strings.py
+              python3 test/autofix_locale_format.py
+              python3 test/reformat_locales.py
+              git diff -w --exit-code
+        - name: Create Pull Request
+          if: ${{ failure() }}
+          uses: peter-evans/create-pull-request@v6
+          with:
+            token: ${{ secrets.GITHUB_TOKEN }}
+            title: "Reformat locale files"
+            commit-message: ":robot: Reformat locale files"
+            body: |
+              Automatic pull request using the scripts in `test/`
+            base: ${{ github.head_ref }}
+            branch: actions/i18nreformat

.github/workflows/tox.yml

@@ -0,0 +1,49 @@
+name: Tests
+
+on:
+  push:
+      branches:
+          - dev
+          - bullseye
+  pull_request:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: [3.9]
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up Python ${{ matrix.python-version }}
+      uses: actions/setup-python@v5
+      with:
+        python-version: ${{ matrix.python-version }}
+    - name: Install apt dependencies
+      run: sudo apt install ldap-utils slapd libsasl2-dev libldap2-dev libssl-dev
+    - name: Install tox
+      run: |
+        python -m pip install --upgrade pip
+        pip install tox tox-gh-actions
+    - name: Test with tox
+      run: tox -e py39-pytest
+
+  invalidcode:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: [3.9]
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up Python ${{ matrix.python-version }}
+      uses: actions/setup-python@v5
+      with:
+        python-version: ${{ matrix.python-version }}
+    - name: Install tox
+      run: |
+        python -m pip install --upgrade pip
+        pip install tox tox-gh-actions
+    - name: Linter
+      run: tox -e py39-invalidcode
+    - name: Mypy
+      run: tox -e py39-mypy

.gitignore

@@ -1,10 +1,14 @@
 *.py[co]
 
+# Documentation
+doc/_build/
+
 # Packages
 *.egg
 *.egg-info
 *.swp
 *.swo
+*~
 dist
 build
 eggs
@@ -15,6 +19,7 @@ var
 sdist
 develop-eggs
 .installed.cfg
+log
 
 # Installer logs
 pip-log.txt
@@ -31,4 +36,9 @@ pip-log.txt
 
 # Moulinette
 doc/*.json
-src/moulinette/package.py
+moulinette/package.py
+# track only test namespace
+lib/**
+!lib/test
+data/actionsmap/**
+!data/actionsmap/test.yml

CONTRIBUTORS.md

@@ -0,0 +1,70 @@
+Moulinette contributors
+=======================
+
+YunoHost is built and maintained by the YunoHost project community.
+Everyone is encouraged to submit issues and changes, and to contribute in other ways -- see https://yunohost.org/contribute to find out how.
+
+--
+
+Initial Moulinette was built by Kload & jerome, for YunoHost v2.
+
+Most of actual Moulinette code was written by jerome, with help of numerous contributors.
+
+Translation is made by a bunch of lovely people all over the world.
+
+We would like to thank anyone who ever helped the YunoHost project <3
+
+
+Moulinette Contributors
+-----------------------
+
+- Kload
+- Jérôme Lebleu
+- Adrien 'beudbeud' Beudin
+- titoko
+- Laurent 'Bram' Peuch
+- Julien 'ju' Malik
+- npze
+- lmangani
+- Valentin 'zamentur' / 'ljf' Grimaud
+- dblugeon
+
+
+Moulinette Translators
+----------------------
+
+If you want to help translation, please visit https://translate.yunohost.org/projects/yunohost/yunohost/
+
+
+### Dutch
+
+- marut
+
+### English
+
+- Anmol
+
+### French
+
+- Bobo
+- Laurent Peuch
+- Jean-Baptiste Holcroft
+- Jérôme Lebleu
+
+### German
+
+- David Bartke
+- Felix Bartels
+- Marvin Gärtner
+
+### Hindi
+
+- Anmol
+
+### Portuguese
+
+- frju
+
+### Spanish
+
+- Juanu

README.md

@@ -1,49 +1,46 @@
-Moulinette
-==========
+<h1 align="center">Moulinette</h1>
 
-The *moulinette* is a Python package that allows to quickly and easily
-prototype interfaces for your application.
+<div align="center">
+ 
+![Version](https://img.shields.io/github/v/tag/yunohost/moulinette?label=version&sort=semver)
+[![Tests status](https://github.com/YunoHost/moulinette/actions/workflows/tox.yml/badge.svg)](https://github.com/YunoHost/moulinette/actions/workflows/tox.yml)
+[![Language grade: Python](https://img.shields.io/lgtm/grade/python/g/YunoHost/moulinette.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/YunoHost/moulinette/context:python)
+[![GitHub license](https://img.shields.io/github/license/YunoHost/moulinette)](https://github.com/YunoHost/moulinette/blob/dev/LICENSE)
 
+ 
+Moulinette is a small Python framework meant to easily create programs with unified CLI and API.
+
+In particular, it is used as a base framework for the YunoHost project.
+ 
+</div>
+
+Issues
+------
+
+- [Please report issues on YunoHost bugtracker](https://github.com/YunoHost/issues).
 
 Overview
 --------
 
-Initially, the moulinette was an application made for the
-[YunoHost](https://yunohost.org/) project in order to regroup all its
-related operations into a single program called *moulinette*. Those
-operations were available from a command-line interface and a Web server
-providing an API. Moreover, the usage of these operations (e.g.
-required/optional arguments) was defined into a simple yaml file -
-called *actionsmap*. This file was parsed in order to construct an
-*ArgumentParser* object and to parse the command arguments to process
-the proper operation.
+Moulinette allows to create a YAML "actionmaps" that describes what commands are available. Moulinette will automatically make these commands available through the CLI and Web API, and will be mapped to a python function. Moulinette also provide some general helpers, for example for logging, i18n, authentication, or common file system operations.
 
-During a long refactoring with the goal of unify both interfaces, the
-idea to separate the core of the YunoHost operations has emerged.
-The core kept the same name *moulinette* and try to follow the same
-initial principle. An [Actions Map](#actions-map) - which defines
-available operations and their usage - is parsed and it's used to
-process an operation from several unified [Interfaces](#interfaces). It
-also supports a configuration mechanism - which allows to restrict an
-operation on an interface for example (see
-[Authenticators](#authenticators)).
+<div align="center"><img src="doc/actionsmap.png" width="700" /></div>
 
+Translation
+-----------
 
-### Actions Map
-...
+You can help translate Moulinette on our [translation platform](https://translate.yunohost.org/engage/yunohost/?utm_source=widget)
 
-### Interfaces
-...
+<div align="center"><img src="https://translate.yunohost.org/widgets/yunohost/-/moulinette/horizontal-auto.svg" alt="Translation status" /></div>
 
-### Authenticators
-...
+Developpers
+-----------
 
+- You can learn how to get started with developing on YunoHost by reading [this piece of documentation](https://yunohost.org/dev).
+- Specific doc for moulinette: https://moulinette.readthedocs.org
+- Run tests with:
 
-Requirements
-------------
-
-* Python 2.7
-* python-bottle (>= 0.10)
-* python-gnupg (>= 0.3)
-* python-ldap (>= 2.4)
-* PyYAML
+```
+$ pip install tox
+$ tox
+```

data/actionsmap/test.yml

@@ -1,59 +0,0 @@
-
-#############################
-#     Global parameters     #
-#############################
-_global:
-    configuration:
-        authenticate:
-            - api
-        authenticator:
-            default:
-                vendor: ldap
-                help: Admin Password
-                parameters:
-                    uri: ldap://localhost:389
-                    base_dn: dc=yunohost,dc=org
-                    user_rdn: cn=admin
-            ldap-anonymous:
-                vendor: ldap
-                parameters:
-                    uri: ldap://localhost:389
-                    base_dn: dc=yunohost,dc=org
-            test-profile:
-                vendor: ldap
-                help: Admin Password (profile)
-                parameters:
-                    uri: ldap://localhost:389
-                    base_dn: dc=yunohost,dc=org
-                    user_rdn: cn=admin
-        argument_auth: true
-
-#############################
-#       Test Actions        #
-#############################
-test:
-    actions:
-        non-auth:
-            api: GET /test/non-auth
-            configuration:
-                authenticate: false
-        auth:
-            api: GET /test/auth
-            configuration:
-                authenticate: all
-        auth-profile:
-            api: GET /test/auth-profile
-            configuration:
-                authenticate: all
-                authenticator: test-profile
-        auth-cli:
-            api: GET /test/auth-cli
-            configuration:
-                authenticate:
-                    - cli
-        anonymous:
-            api: GET /test/anon
-            configuration:
-                authenticate: all
-                authenticator: ldap-anonymous
-                argument_auth: false

data/moulinette_cli

@@ -1,33 +0,0 @@
-# yunohost(1) completion
-
-_yunohost_cli()
-{
-local argc cur prev opts
-COMPREPLY=()
-
-argc=${COMP_CWORD}
-cur="${COMP_WORDS[argc]}"
-prev="${COMP_WORDS[argc-1]}"
-opts=$(yunohost -h | sed -n "/usage/,/}/p" | awk -F"{" '{print $2}' | awk -F"}" '{print $1}' | tr ',' ' ')
-
-if [[ $argc = 1 ]];
-then
-	COMPREPLY=( $(compgen -W "$opts --help" -- $cur ) )
-fi
-
-if [[ "$prev" != "--help" ]];
-then
-	if [[ $argc = 2 ]];
-	then
-		opts2=$(yunohost $prev -h | sed -n "/usage/,/}/p" | awk -F"{" '{print $2}' | awk -F"}" '{print $1}' | tr ',' ' ')
-		COMPREPLY=( $(compgen -W "$opts2 --help" -- $cur ) )
-	elif [[ $argc = 3 ]];
-	then
-		COMPREPLY=( $(compgen -W "--help" $cur ) )
-	fi
-else
-	COMPREPLY=()
-fi
-
-}
-complete -F _yunohost_cli yunohost

debian/control

@@ -0,0 +1,26 @@
+Source: moulinette
+Section: python
+Priority: optional
+Maintainer: YunoHost Contributors <contrib@yunohost.org>
+Build-Depends: debhelper (>= 9), debhelper-compat (= 13), python3 (>= 3.7), dh-python, python3-setuptools, python3-psutil, python3-all (>= 3.7)
+Standards-Version: 3.9.6
+Homepage: https://github.com/YunoHost/moulinette
+
+Package: moulinette
+Architecture: all
+Depends: ${misc:Depends}, ${python3:Depends},
+    python3-yaml,
+    python3-bottle (>= 0.12),
+    python3-gevent-websocket,
+    python3-toml,
+    python3-psutil,
+    python3-tz,
+    python3-prompt-toolkit,
+    python3-pygments
+Breaks: yunohost (<< 4.1)
+Description: prototype interfaces with ease in Python
+ Quickly and easily prototype interfaces for your application.
+ Each action can be served through an HTTP API and from the
+ command-line with a single method.
+ .
+ Originally designed and written for the YunoHost project.

debian/copyright

@@ -0,0 +1,678 @@
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Source: https://github.com/YunoHost/moulinette
+
+Files: *
+Copyright: 2015 YUNOHOST.ORG
+License: AGPL-3
+
+License: AGPL-3
+ OPA is free software: you can redistribute it and/or modify it under the
+ terms of the GNU Affero General Public License, version 3, as published by
+ the Free Software Foundation.
+ .
+ OPA is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for
+ more details.
+ .
+ GNU AFFERO GENERAL PUBLIC LICENSE
+ Version 3, 19 November 2007
+ .
+ Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+ .
+ Preamble
+ .
+ The GNU Affero General Public License is a free, copyleft license for
+ software and other kinds of works, specifically designed to ensure
+ cooperation with the community in the case of network server software.
+ .
+ The licenses for most software and other practical works are designed
+ to take away your freedom to share and change the works. By contrast,
+ our General Public Licenses are intended to guarantee your freedom to
+ share and change all versions of a program--to make sure it remains free
+ software for all its users.
+ .
+ When we speak of free software, we are referring to freedom, not
+ price. Our General Public Licenses are designed to make sure that you
+ have the freedom to distribute copies of free software (and charge for
+ them if you wish), that you receive source code or can get it if you
+ want it, that you can change the software or use pieces of it in new
+ free programs, and that you know you can do these things.
+ .
+ Developers that use our General Public Licenses protect your rights
+ with two steps: (1) assert copyright on the software, and (2) offer
+ you this License which gives you legal permission to copy, distribute
+ and/or modify the software.
+ .
+ A secondary benefit of defending all users' freedom is that
+ improvements made in alternate versions of the program, if they
+ receive widespread use, become available for other developers to
+ incorporate. Many developers of free software are heartened and
+ encouraged by the resulting cooperation. However, in the case of
+ software used on network servers, this result may fail to come about.
+ The GNU General Public License permits making a modified version and
+ letting the public access it on a server without ever releasing its
+ source code to the public.
+ .
+ The GNU Affero General Public License is designed specifically to
+ ensure that, in such cases, the modified source code becomes available
+ to the community. It requires the operator of a network server to
+ provide the source code of the modified version running there to the
+ users of that server. Therefore, public use of a modified version, on
+ a publicly accessible server, gives the public access to the source
+ code of the modified version.
+ .
+ An older license, called the Affero General Public License and
+ published by Affero, was designed to accomplish similar goals. This is
+ a different license, not a version of the Affero GPL, but Affero has
+ released a new version of the Affero GPL which permits relicensing under
+ this license.
+ .
+ The precise terms and conditions for copying, distribution and
+ modification follow.
+ .
+ TERMS AND CONDITIONS
+ .
+ 0. Definitions.
+ .
+ "This License" refers to version 3 of the GNU Affero General Public License.
+ .
+ "Copyright" also means copyright-like laws that apply to other kinds of
+ works, such as semiconductor masks.
+ .
+ "The Program" refers to any copyrightable work licensed under this
+ License. Each licensee is addressed as "you". "Licensees" and
+ "recipients" may be individuals or organizations.
+ .
+ To "modify" a work means to copy from or adapt all or part of the work
+ in a fashion requiring copyright permission, other than the making of an
+ exact copy. The resulting work is called a "modified version" of the
+ earlier work or a work "based on" the earlier work.
+ .
+ A "covered work" means either the unmodified Program or a work based
+ on the Program.
+ .
+ To "propagate" a work means to do anything with it that, without
+ permission, would make you directly or secondarily liable for
+ infringement under applicable copyright law, except executing it on a
+ computer or modifying a private copy. Propagation includes copying,
+ distribution (with or without modification), making available to the
+ public, and in some countries other activities as well.
+ .
+ To "convey" a work means any kind of propagation that enables other
+ parties to make or receive copies. Mere interaction with a user through
+ a computer network, with no transfer of a copy, is not conveying.
+ .
+ An interactive user interface displays "Appropriate Legal Notices"
+ to the extent that it includes a convenient and prominently visible
+ feature that (1) displays an appropriate copyright notice, and (2)
+ tells the user that there is no warranty for the work (except to the
+ extent that warranties are provided), that licensees may convey the
+ work under this License, and how to view a copy of this License. If
+ the interface presents a list of user commands or options, such as a
+ menu, a prominent item in the list meets this criterion.
+ .
+ 1. Source Code.
+ .
+ The "source code" for a work means the preferred form of the work
+ for making modifications to it. "Object code" means any non-source
+ form of a work.
+ .
+ A "Standard Interface" means an interface that either is an official
+ standard defined by a recognized standards body, or, in the case of
+ interfaces specified for a particular programming language, one that
+ is widely used among developers working in that language.
+ .
+ The "System Libraries" of an executable work include anything, other
+ than the work as a whole, that (a) is included in the normal form of
+ packaging a Major Component, but which is not part of that Major
+ Component, and (b) serves only to enable use of the work with that
+ Major Component, or to implement a Standard Interface for which an
+ implementation is available to the public in source code form. A
+ "Major Component", in this context, means a major essential component
+ (kernel, window system, and so on) of the specific operating system
+ (if any) on which the executable work runs, or a compiler used to
+ produce the work, or an object code interpreter used to run it.
+ .
+ The "Corresponding Source" for a work in object code form means all
+ the source code needed to generate, install, and (for an executable
+ work) run the object code and to modify the work, including scripts to
+ control those activities. However, it does not include the work's
+ System Libraries, or general-purpose tools or generally available free
+ programs which are used unmodified in performing those activities but
+ which are not part of the work. For example, Corresponding Source
+ includes interface definition files associated with source files for
+ the work, and the source code for shared libraries and dynamically
+ linked subprograms that the work is specifically designed to require,
+ such as by intimate data communication or control flow between those
+ subprograms and other parts of the work.
+ .
+ The Corresponding Source need not include anything that users
+ can regenerate automatically from other parts of the Corresponding
+ Source.
+ .
+ The Corresponding Source for a work in source code form is that
+ same work.
+ .
+ 2. Basic Permissions.
+ .
+ All rights granted under this License are granted for the term of
+ copyright on the Program, and are irrevocable provided the stated
+ conditions are met. This License explicitly affirms your unlimited
+ permission to run the unmodified Program. The output from running a
+ covered work is covered by this License only if the output, given its
+ content, constitutes a covered work. This License acknowledges your
+ rights of fair use or other equivalent, as provided by copyright law.
+ .
+ You may make, run and propagate covered works that you do not
+ convey, without conditions so long as your license otherwise remains
+ in force. You may convey covered works to others for the sole purpose
+ of having them make modifications exclusively for you, or provide you
+ with facilities for running those works, provided that you comply with
+ the terms of this License in conveying all material for which you do
+ not control copyright. Those thus making or running the covered works
+ for you must do so exclusively on your behalf, under your direction
+ and control, on terms that prohibit them from making any copies of
+ your copyrighted material outside their relationship with you.
+ .
+ Conveying under any other circumstances is permitted solely under
+ the conditions stated below. Sublicensing is not allowed; section 10
+ makes it unnecessary.
+ .
+ 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+ .
+ No covered work shall be deemed part of an effective technological
+ measure under any applicable law fulfilling obligations under article
+ 11 of the WIPO copyright treaty adopted on 20 December 1996, or
+ similar laws prohibiting or restricting circumvention of such
+ measures.
+ .
+ When you convey a covered work, you waive any legal power to forbid
+ circumvention of technological measures to the extent such circumvention
+ is effected by exercising rights under this License with respect to
+ the covered work, and you disclaim any intention to limit operation or
+ modification of the work as a means of enforcing, against the work's
+ users, your or third parties' legal rights to forbid circumvention of
+ technological measures.
+ .
+ 4. Conveying Verbatim Copies.
+ .
+ You may convey verbatim copies of the Program's source code as you
+ receive it, in any medium, provided that you conspicuously and
+ appropriately publish on each copy an appropriate copyright notice;
+ keep intact all notices stating that this License and any
+ non-permissive terms added in accord with section 7 apply to the code;
+ keep intact all notices of the absence of any warranty; and give all
+ recipients a copy of this License along with the Program.
+ .
+ You may charge any price or no price for each copy that you convey,
+ and you may offer support or warranty protection for a fee.
+ .
+ 5. Conveying Modified Source Versions.
+ .
+ You may convey a work based on the Program, or the modifications to
+ produce it from the Program, in the form of source code under the
+ terms of section 4, provided that you also meet all of these conditions:
+ .
+ a) The work must carry prominent notices stating that you modified
+ it, and giving a relevant date.
+ .
+ b) The work must carry prominent notices stating that it is
+ released under this License and any conditions added under section
+ 7. This requirement modifies the requirement in section 4 to
+ "keep intact all notices".
+ .
+ c) You must license the entire work, as a whole, under this
+ License to anyone who comes into possession of a copy. This
+ License will therefore apply, along with any applicable section 7
+ additional terms, to the whole of the work, and all its parts,
+ regardless of how they are packaged. This License gives no
+ permission to license the work in any other way, but it does not
+ invalidate such permission if you have separately received it.
+ .
+ d) If the work has interactive user interfaces, each must display
+ Appropriate Legal Notices; however, if the Program has interactive
+ interfaces that do not display Appropriate Legal Notices, your
+ work need not make them do so.
+ .
+ A compilation of a covered work with other separate and independent
+ works, which are not by their nature extensions of the covered work,
+ and which are not combined with it such as to form a larger program,
+ in or on a volume of a storage or distribution medium, is called an
+ "aggregate" if the compilation and its resulting copyright are not
+ used to limit the access or legal rights of the compilation's users
+ beyond what the individual works permit. Inclusion of a covered work
+ in an aggregate does not cause this License to apply to the other
+ parts of the aggregate.
+ .
+ 6. Conveying Non-Source Forms.
+ .
+ You may convey a covered work in object code form under the terms
+ of sections 4 and 5, provided that you also convey the
+ machine-readable Corresponding Source under the terms of this License,
+ in one of these ways:
+ .
+ a) Convey the object code in, or embodied in, a physical product
+ (including a physical distribution medium), accompanied by the
+ Corresponding Source fixed on a durable physical medium
+ customarily used for software interchange.
+ .
+ b) Convey the object code in, or embodied in, a physical product
+ (including a physical distribution medium), accompanied by a
+ written offer, valid for at least three years and valid for as
+ long as you offer spare parts or customer support for that product
+ model, to give anyone who possesses the object code either (1) a
+ copy of the Corresponding Source for all the software in the
+ product that is covered by this License, on a durable physical
+ medium customarily used for software interchange, for a price no
+ more than your reasonable cost of physically performing this
+ conveying of source, or (2) access to copy the
+ Corresponding Source from a network server at no charge.
+ .
+ c) Convey individual copies of the object code with a copy of the
+ written offer to provide the Corresponding Source. This
+ alternative is allowed only occasionally and noncommercially, and
+ only if you received the object code with such an offer, in accord
+ with subsection 6b.
+ .
+ d) Convey the object code by offering access from a designated
+ place (gratis or for a charge), and offer equivalent access to the
+ Corresponding Source in the same way through the same place at no
+ further charge. You need not require recipients to copy the
+ Corresponding Source along with the object code. If the place to
+ copy the object code is a network server, the Corresponding Source
+ may be on a different server (operated by you or a third party)
+ that supports equivalent copying facilities, provided you maintain
+ clear directions next to the object code saying where to find the
+ Corresponding Source. Regardless of what server hosts the
+ Corresponding Source, you remain obligated to ensure that it is
+ available for as long as needed to satisfy these requirements.
+ .
+ e) Convey the object code using peer-to-peer transmission, provided
+ you inform other peers where the object code and Corresponding
+ Source of the work are being offered to the general public at no
+ charge under subsection 6d.
+ .
+ A separable portion of the object code, whose source code is excluded
+ from the Corresponding Source as a System Library, need not be
+ included in conveying the object code work.
+ .
+ A "User Product" is either (1) a "consumer product", which means any
+ tangible personal property which is normally used for personal, family,
+ or household purposes, or (2) anything designed or sold for incorporation
+ into a dwelling. In determining whether a product is a consumer product,
+ doubtful cases shall be resolved in favor of coverage. For a particular
+ product received by a particular user, "normally used" refers to a
+ typical or common use of that class of product, regardless of the status
+ of the particular user or of the way in which the particular user
+ actually uses, or expects or is expected to use, the product. A product
+ is a consumer product regardless of whether the product has substantial
+ commercial, industrial or non-consumer uses, unless such uses represent
+ the only significant mode of use of the product.
+ .
+ "Installation Information" for a User Product means any methods,
+ procedures, authorization keys, or other information required to install
+ and execute modified versions of a covered work in that User Product from
+ a modified version of its Corresponding Source. The information must
+ suffice to ensure that the continued functioning of the modified object
+ code is in no case prevented or interfered with solely because
+ modification has been made.
+ .
+ If you convey an object code work under this section in, or with, or
+ specifically for use in, a User Product, and the conveying occurs as
+ part of a transaction in which the right of possession and use of the
+ User Product is transferred to the recipient in perpetuity or for a
+ fixed term (regardless of how the transaction is characterized), the
+ Corresponding Source conveyed under this section must be accompanied
+ by the Installation Information. But this requirement does not apply
+ if neither you nor any third party retains the ability to install
+ modified object code on the User Product (for example, the work has
+ been installed in ROM).
+ .
+ The requirement to provide Installation Information does not include a
+ requirement to continue to provide support service, warranty, or updates
+ for a work that has been modified or installed by the recipient, or for
+ the User Product in which it has been modified or installed. Access to a
+ network may be denied when the modification itself materially and
+ adversely affects the operation of the network or violates the rules and
+ protocols for communication across the network.
+ .
+ Corresponding Source conveyed, and Installation Information provided,
+ in accord with this section must be in a format that is publicly
+ documented (and with an implementation available to the public in
+ source code form), and must require no special password or key for
+ unpacking, reading or copying.
+ .
+ 7. Additional Terms.
+ .
+ "Additional permissions" are terms that supplement the terms of this
+ License by making exceptions from one or more of its conditions.
+ Additional permissions that are applicable to the entire Program shall
+ be treated as though they were included in this License, to the extent
+ that they are valid under applicable law. If additional permissions
+ apply only to part of the Program, that part may be used separately
+ under those permissions, but the entire Program remains governed by
+ this License without regard to the additional permissions.
+ .
+ When you convey a copy of a covered work, you may at your option
+ remove any additional permissions from that copy, or from any part of
+ it. (Additional permissions may be written to require their own
+ removal in certain cases when you modify the work.) You may place
+ additional permissions on material, added by you to a covered work,
+ for which you have or can give appropriate copyright permission.
+ .
+ Notwithstanding any other provision of this License, for material you
+ add to a covered work, you may (if authorized by the copyright holders of
+ that material) supplement the terms of this License with terms:
+ .
+ a) Disclaiming warranty or limiting liability differently from the
+ terms of sections 15 and 16 of this License; or
+ .
+ b) Requiring preservation of specified reasonable legal notices or
+ author attributions in that material or in the Appropriate Legal
+ Notices displayed by works containing it; or
+ .
+ c) Prohibiting misrepresentation of the origin of that material, or
+ requiring that modified versions of such material be marked in
+ reasonable ways as different from the original version; or
+ .
+ d) Limiting the use for publicity purposes of names of licensors or
+ authors of the material; or
+ .
+ e) Declining to grant rights under trademark law for use of some
+ trade names, trademarks, or service marks; or
+ .
+ f) Requiring indemnification of licensors and authors of that
+ material by anyone who conveys the material (or modified versions of
+ it) with contractual assumptions of liability to the recipient, for
+ any liability that these contractual assumptions directly impose on
+ those licensors and authors.
+ .
+ All other non-permissive additional terms are considered "further
+ restrictions" within the meaning of section 10. If the Program as you
+ received it, or any part of it, contains a notice stating that it is
+ governed by this License along with a term that is a further
+ restriction, you may remove that term. If a license document contains
+ a further restriction but permits relicensing or conveying under this
+ License, you may add to a covered work material governed by the terms
+ of that license document, provided that the further restriction does
+ not survive such relicensing or conveying.
+ .
+ If you add terms to a covered work in accord with this section, you
+ must place, in the relevant source files, a statement of the
+ additional terms that apply to those files, or a notice indicating
+ where to find the applicable terms.
+ .
+ Additional terms, permissive or non-permissive, may be stated in the
+ form of a separately written license, or stated as exceptions;
+ the above requirements apply either way.
+ .
+ 8. Termination.
+ .
+ You may not propagate or modify a covered work except as expressly
+ provided under this License. Any attempt otherwise to propagate or
+ modify it is void, and will automatically terminate your rights under
+ this License (including any patent licenses granted under the third
+ paragraph of section 11).
+ .
+ However, if you cease all violation of this License, then your
+ license from a particular copyright holder is reinstated (a)
+ provisionally, unless and until the copyright holder explicitly and
+ finally terminates your license, and (b) permanently, if the copyright
+ holder fails to notify you of the violation by some reasonable means
+ prior to 60 days after the cessation.
+ .
+ Moreover, your license from a particular copyright holder is
+ reinstated permanently if the copyright holder notifies you of the
+ violation by some reasonable means, this is the first time you have
+ received notice of violation of this License (for any work) from that
+ copyright holder, and you cure the violation prior to 30 days after
+ your receipt of the notice.
+ .
+ Termination of your rights under this section does not terminate the
+ licenses of parties who have received copies or rights from you under
+ this License. If your rights have been terminated and not permanently
+ reinstated, you do not qualify to receive new licenses for the same
+ material under section 10.
+ .
+ 9. Acceptance Not Required for Having Copies.
+ .
+ You are not required to accept this License in order to receive or
+ run a copy of the Program. Ancillary propagation of a covered work
+ occurring solely as a consequence of using peer-to-peer transmission
+ to receive a copy likewise does not require acceptance. However,
+ nothing other than this License grants you permission to propagate or
+ modify any covered work. These actions infringe copyright if you do
+ not accept this License. Therefore, by modifying or propagating a
+ covered work, you indicate your acceptance of this License to do so.
+ .
+ 10. Automatic Licensing of Downstream Recipients.
+ .
+ Each time you convey a covered work, the recipient automatically
+ receives a license from the original licensors, to run, modify and
+ propagate that work, subject to this License. You are not responsible
+ for enforcing compliance by third parties with this License.
+ .
+ An "entity transaction" is a transaction transferring control of an
+ organization, or substantially all assets of one, or subdividing an
+ organization, or merging organizations. If propagation of a covered
+ work results from an entity transaction, each party to that
+ transaction who receives a copy of the work also receives whatever
+ licenses to the work the party's predecessor in interest had or could
+ give under the previous paragraph, plus a right to possession of the
+ Corresponding Source of the work from the predecessor in interest, if
+ the predecessor has it or can get it with reasonable efforts.
+ .
+ You may not impose any further restrictions on the exercise of the
+ rights granted or affirmed under this License. For example, you may
+ not impose a license fee, royalty, or other charge for exercise of
+ rights granted under this License, and you may not initiate litigation
+ (including a cross-claim or counterclaim in a lawsuit) alleging that
+ any patent claim is infringed by making, using, selling, offering for
+ sale, or importing the Program or any portion of it.
+ .
+ 11. Patents.
+ .
+ A "contributor" is a copyright holder who authorizes use under this
+ License of the Program or a work on which the Program is based. The
+ work thus licensed is called the contributor's "contributor version".
+ .
+ A contributor's "essential patent claims" are all patent claims
+ owned or controlled by the contributor, whether already acquired or
+ hereafter acquired, that would be infringed by some manner, permitted
+ by this License, of making, using, or selling its contributor version,
+ but do not include claims that would be infringed only as a
+ consequence of further modification of the contributor version. For
+ purposes of this definition, "control" includes the right to grant
+ patent sublicenses in a manner consistent with the requirements of
+ this License.
+ .
+ Each contributor grants you a non-exclusive, worldwide, royalty-free
+ patent license under the contributor's essential patent claims, to
+ make, use, sell, offer for sale, import and otherwise run, modify and
+ propagate the contents of its contributor version.
+ .
+ In the following three paragraphs, a "patent license" is any express
+ agreement or commitment, however denominated, not to enforce a patent
+ (such as an express permission to practice a patent or covenant not to
+ sue for patent infringement). To "grant" such a patent license to a
+ party means to make such an agreement or commitment not to enforce a
+ patent against the party.
+ .
+ If you convey a covered work, knowingly relying on a patent license,
+ and the Corresponding Source of the work is not available for anyone
+ to copy, free of charge and under the terms of this License, through a
+ publicly available network server or other readily accessible means,
+ then you must either (1) cause the Corresponding Source to be so
+ available, or (2) arrange to deprive yourself of the benefit of the
+ patent license for this particular work, or (3) arrange, in a manner
+ consistent with the requirements of this License, to extend the patent
+ license to downstream recipients. "Knowingly relying" means you have
+ actual knowledge that, but for the patent license, your conveying the
+ covered work in a country, or your recipient's use of the covered work
+ in a country, would infringe one or more identifiable patents in that
+ country that you have reason to believe are valid.
+ .
+ If, pursuant to or in connection with a single transaction or
+ arrangement, you convey, or propagate by procuring conveyance of, a
+ covered work, and grant a patent license to some of the parties
+ receiving the covered work authorizing them to use, propagate, modify
+ or convey a specific copy of the covered work, then the patent license
+ you grant is automatically extended to all recipients of the covered
+ work and works based on it.
+ .
+ A patent license is "discriminatory" if it does not include within
+ the scope of its coverage, prohibits the exercise of, or is
+ conditioned on the non-exercise of one or more of the rights that are
+ specifically granted under this License. You may not convey a covered
+ work if you are a party to an arrangement with a third party that is
+ in the business of distributing software, under which you make payment
+ to the third party based on the extent of your activity of conveying
+ the work, and under which the third party grants, to any of the
+ parties who would receive the covered work from you, a discriminatory
+ patent license (a) in connection with copies of the covered work
+ conveyed by you (or copies made from those copies), or (b) primarily
+ for and in connection with specific products or compilations that
+ contain the covered work, unless you entered into that arrangement,
+ or that patent license was granted, prior to 28 March 2007.
+ .
+ Nothing in this License shall be construed as excluding or limiting
+ any implied license or other defenses to infringement that may
+ otherwise be available to you under applicable patent law.
+ .
+ 12. No Surrender of Others' Freedom.
+ .
+ If conditions are imposed on you (whether by court order, agreement or
+ otherwise) that contradict the conditions of this License, they do not
+ excuse you from the conditions of this License. If you cannot convey a
+ covered work so as to satisfy simultaneously your obligations under this
+ License and any other pertinent obligations, then as a consequence you may
+ not convey it at all. For example, if you agree to terms that obligate you
+ to collect a royalty for further conveying from those to whom you convey
+ the Program, the only way you could satisfy both those terms and this
+ License would be to refrain entirely from conveying the Program.
+ .
+ 13. Remote Network Interaction; Use with the GNU General Public License.
+ .
+ Notwithstanding any other provision of this License, if you modify the
+ Program, your modified version must prominently offer all users
+ interacting with it remotely through a computer network (if your version
+ supports such interaction) an opportunity to receive the Corresponding
+ Source of your version by providing access to the Corresponding Source
+ from a network server at no charge, through some standard or customary
+ means of facilitating copying of software. This Corresponding Source
+ shall include the Corresponding Source for any work covered by version 3
+ of the GNU General Public License that is incorporated pursuant to the
+ following paragraph.
+ .
+ Notwithstanding any other provision of this License, you have
+ permission to link or combine any covered work with a work licensed
+ under version 3 of the GNU General Public License into a single
+ combined work, and to convey the resulting work. The terms of this
+ License will continue to apply to the part which is the covered work,
+ but the work with which it is combined will remain governed by version
+ 3 of the GNU General Public License.
+ .
+ 14. Revised Versions of this License.
+ .
+ The Free Software Foundation may publish revised and/or new versions of
+ the GNU Affero General Public License from time to time. Such new versions
+ will be similar in spirit to the present version, but may differ in detail to
+ address new problems or concerns.
+ .
+ Each version is given a distinguishing version number. If the
+ Program specifies that a certain numbered version of the GNU Affero General
+ Public License "or any later version" applies to it, you have the
+ option of following the terms and conditions either of that numbered
+ version or of any later version published by the Free Software
+ Foundation. If the Program does not specify a version number of the
+ GNU Affero General Public License, you may choose any version ever published
+ by the Free Software Foundation.
+ .
+ If the Program specifies that a proxy can decide which future
+ versions of the GNU Affero General Public License can be used, that proxy's
+ public statement of acceptance of a version permanently authorizes you
+ to choose that version for the Program.
+ .
+ Later license versions may give you additional or different
+ permissions. However, no additional obligations are imposed on any
+ author or copyright holder as a result of your choosing to follow a
+ later version.
+ .
+ 15. Disclaimer of Warranty.
+ .
+ THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+ APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+ HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+ OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+ THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+ IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+ .
+ 16. Limitation of Liability.
+ .
+ IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+ WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+ THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+ GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+ USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+ DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+ PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+ EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+ SUCH DAMAGES.
+ .
+ 17. Interpretation of Sections 15 and 16.
+ .
+ If the disclaimer of warranty and limitation of liability provided
+ above cannot be given local legal effect according to their terms,
+ reviewing courts shall apply local law that most closely approximates
+ an absolute waiver of all civil liability in connection with the
+ Program, unless a warranty or assumption of liability accompanies a
+ copy of the Program in return for a fee.
+ .
+ END OF TERMS AND CONDITIONS
+ .
+ How to Apply These Terms to Your New Programs
+ .
+ If you develop a new program, and you want it to be of the greatest
+ possible use to the public, the best way to achieve this is to make it
+ free software which everyone can redistribute and change under these terms.
+ .
+ To do so, attach the following notices to the program. It is safest
+ to attach them to the start of each source file to most effectively
+ state the exclusion of warranty; and each file should have at least
+ the "copyright" line and a pointer to where the full notice is found.
+ .
+ <one line to give the program's name and a brief idea of what it does.>
+ Copyright (C) <year> <name of author>
+ .
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Affero General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+ .
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Affero General Public License for more details.
+ .
+ You should have received a copy of the GNU Affero General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+ .
+ Also add information on how to contact you by electronic and paper mail.
+ .
+ If your software can interact with users remotely through a computer
+ network, you should also make sure that it provides a way for users to
+ get its source. For example, if your program is a web application, its
+ interface could display a "Source" link that leads users to an archive
+ of the code. There are many ways you could offer source, and different
+ solutions will be better for different programs; see section 13 for the
+ specific requirements.
+ .
+ You should also get your employer (if you work as a programmer) or school,
+ if any, to sign a "copyright disclaimer" for the program, if necessary.
+ For more information on this, and how to apply and follow the GNU AGPL, see
+ <http://www.gnu.org/licenses/>.

debian/dirs

@@ -0,0 +1,2 @@
+usr/lib/moulinette
+usr/share/moulinette/actionsmap

debian/rules

@@ -0,0 +1,6 @@
+#!/usr/bin/make -f
+
+export PYBUILD_NAME=moulinette
+
+%:
+	dh $@ --with python3 --buildsystem=pybuild

debian/source/format

@@ -0,0 +1 @@
+3.0 (native)

doc/Makefile

@@ -0,0 +1,24 @@
+# Minimal makefile for Sphinx documentation
+#
+
+# You can set these variables from the command line.
+SPHINXOPTS    =
+SPHINXBUILD   = python -msphinx
+SPHINXPROJ    = Moulinette
+SOURCEDIR     = .
+BUILDDIR      = _build
+
+# Put it first so that "make" without argument is like "make help".
+help:
+	@$(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
+
+ldap_graph:
+	cat ldapsearch.result | python ldif2dot-0.1.py > ldap_graph.dot
+	dot -Tpng ldap_graph.dot > ldap_graph.png
+
+.PHONY: help Makefile
+
+# Catch-all target: route all unknown targets to Sphinx using the new
+# "make mode" option.  $(O) is meant as a shortcut for $(SPHINXOPTS).
+%: Makefile
+	@$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)

doc/actionsmap.rst

@@ -0,0 +1,33 @@
+=================================
+Role and syntax of the actionsmap
+=================================
+
+.. _actionsmap:
+
+Principle
+=========
+
+The actionsmap allows to easily define commands and their arguments through
+a YAML file. Moulinette will automatically make the command available through
+the CLI and Rest API, and will be mapped to a python function.
+
+The illustration below summarizes how it works :
+
+.. image:: actionsmap.png
+
+
+Format of the actionmap
+=======================
+
+General description of categories/subcategories, actions, arguments.
+
+Authentication configuration
+----------------------------
+
+Document the `configuration: authenticate: all` LDAP stuff ... 
+
+Special options for arguments
+-----------------------------
+
+Document `nargs`, `metavar`, `extra: pattern`
+

doc/conf.py

@@ -0,0 +1,197 @@
+# -*- coding: utf-8 -*-
+#
+# Moulinette documentation build configuration file, created by
+# sphinx-quickstart on Mon Jul 17 03:57:28 2017.
+#
+# This file is execfile()d with the current directory set to its
+# containing dir.
+#
+# Note that not all possible configuration values are present in this
+# autogenerated file.
+#
+# All configuration values have a default; values that are commented out
+# serve to show the default.
+
+# If extensions (or modules to document with autodoc) are in another directory,
+# add these directories to sys.path here. If the directory is relative to the
+# documentation root, use os.path.abspath to make it absolute, like shown here.
+
+import os
+import sys
+
+sys.path.insert(0, os.path.abspath(".."))
+
+
+import sys
+from mock import Mock as MagicMock
+
+
+class Mock(MagicMock):
+    @classmethod
+    def __getattr__(cls, name):
+        return MagicMock()
+
+
+MOCK_MODULES = ["ldap", "ldap.modlist", "ldap.sasl"]
+sys.modules.update((mod_name, Mock()) for mod_name in MOCK_MODULES)
+
+
+# -- General configuration ------------------------------------------------
+
+# If your documentation needs a minimal Sphinx version, state it here.
+#
+# needs_sphinx = '1.0'
+
+# Add any Sphinx extension module names here, as strings. They can be
+# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
+# ones.
+extensions = [
+    "sphinx.ext.autodoc",
+    "sphinx.ext.intersphinx",
+    "sphinx.ext.todo",
+    "sphinx.ext.viewcode",
+]
+
+# Add any paths that contain templates here, relative to this directory.
+templates_path = ["_templates"]
+
+# The suffix(es) of source filenames.
+# You can specify multiple suffix as a list of string:
+#
+# source_suffix = ['.rst', '.md']
+source_suffix = ".rst"
+
+# The master toctree document.
+master_doc = "index"
+
+# General information about the project.
+project = "Moulinette"
+copyright = "2017, YunoHost Collective"
+author = "YunoHost Collective"
+
+# The version info for the project you're documenting, acts as replacement for
+# |version| and |release|, also used in various other places throughout the
+# built documents.
+#
+# The short X.Y version.
+version = "2.6.1"
+# The full version, including alpha/beta/rc tags.
+release = "2.6.1"
+
+# The language for content autogenerated by Sphinx. Refer to documentation
+# for a list of supported languages.
+#
+# This is also used if you do content translation via gettext catalogs.
+# Usually you set "language" from the command line for these cases.
+language = None
+
+# List of patterns, relative to source directory, that match files and
+# directories to ignore when looking for source files.
+# This patterns also effect to html_static_path and html_extra_path
+exclude_patterns = ["_build", "Thumbs.db", ".DS_Store"]
+
+# The name of the Pygments (syntax highlighting) style to use.
+pygments_style = "sphinx"
+
+# If true, `todo` and `todoList` produce output, else they produce nothing.
+todo_include_todos = True
+
+
+# -- Options for HTML output ----------------------------------------------
+
+# The theme to use for HTML and HTML Help pages.  See the documentation for
+# a list of builtin themes.
+#
+html_theme = "classic"
+
+# Theme options are theme-specific and customize the look and feel of a theme
+# further.  For a list of options available for each theme, see the
+# documentation.
+#
+# html_theme_options = {}
+
+# Add any paths that contain custom static files (such as style sheets) here,
+# relative to this directory. They are copied after the builtin static files,
+# so a file named "default.css" will overwrite the builtin "default.css".
+html_static_path = ["_static"]
+
+# Custom sidebar templates, must be a dictionary that maps document names
+# to template names.
+#
+# This is required for the alabaster theme
+# refs: http://alabaster.readthedocs.io/en/latest/installation.html#sidebars
+html_sidebars = {
+    "**": [
+        # 'about.html',
+        # 'navigation.html',
+        # 'relations.html',  # needs 'show_related': True theme option to display
+        "searchbox.html",
+        # 'donate.html',
+    ]
+}
+
+
+# -- Options for HTMLHelp output ------------------------------------------
+
+# Output file base name for HTML help builder.
+htmlhelp_basename = "Moulinettedoc"
+
+
+# -- Options for LaTeX output ---------------------------------------------
+
+latex_elements = {
+    # The paper size ('letterpaper' or 'a4paper').
+    #
+    # 'papersize': 'letterpaper',
+    # The font size ('10pt', '11pt' or '12pt').
+    #
+    # 'pointsize': '10pt',
+    # Additional stuff for the LaTeX preamble.
+    #
+    # 'preamble': '',
+    # Latex figure (float) alignment
+    #
+    # 'figure_align': 'htbp',
+}
+
+# Grouping the document tree into LaTeX files. List of tuples
+# (source start file, target name, title,
+#  author, documentclass [howto, manual, or own class]).
+latex_documents = [
+    (
+        master_doc,
+        "Moulinette.tex",
+        "Moulinette Documentation",
+        "YunoHost Collective",
+        "manual",
+    ),
+]
+
+
+# -- Options for manual page output ---------------------------------------
+
+# One entry per manual page. List of tuples
+# (source start file, name, description, authors, manual section).
+man_pages = [(master_doc, "moulinette", "Moulinette Documentation", [author], 1)]
+
+
+# -- Options for Texinfo output -------------------------------------------
+
+# Grouping the document tree into Texinfo files. List of tuples
+# (source start file, target name, title, author,
+#  dir menu entry, description, category)
+texinfo_documents = [
+    (
+        master_doc,
+        "Moulinette",
+        "Moulinette Documentation",
+        author,
+        "Moulinette",
+        "One line description of project.",
+        "Miscellaneous",
+    ),
+]
+
+
+# Example configuration for intersphinx: refer to the Python standard library.
+intersphinx_mapping = {"https://docs.python.org/": None}

doc/index.rst

@@ -0,0 +1,32 @@
+Welcome to Moulinette's documentation!
+======================================
+
+`https://github.com/yunohost/Moulinette <Moulinette>`_ is the internal
+framework used by `YunoHost <https://yunohost.org>`_ to generate both its web
+Rest API and CLI interface.
+
+This framework is aimed at: define once, get both CLI and web Rest API at the
+same time, offering easy and fast development and a ubiquitous experience from
+different interfaces.
+
+This documentation is mainly aimed for the YunoHost's collective and serves as
+a reference.
+
+.. toctree::
+   :maxdepth: 2
+   :caption: Contents:
+
+   actionsmap
+   ldap
+   m18n
+   utils/filesystem
+   utils/network
+   utils/process
+   utils/text
+
+Indices and tables
+==================
+
+* :ref:`genindex`
+* :ref:`modindex`
+* :ref:`search`

doc/ldap.rst

@@ -0,0 +1,572 @@
+=================================================
+Common LDAP operation (for YunoHost but not only)
+=================================================
+
+Moulinette is deeply integrated with LDAP which is used for a series of things
+like:
+
+* storing users
+* storing domains (for users emails)
+* SSO
+
+This page document how to uses it on a programming side in YunoHost.
+
+Getting access to LDAP in a command
+===================================
+
+To get access to LDAP you need to authenticate against it, for that you need to
+declare your command with requiring authentication in the :ref:`actionsmap` this way:
+
+::
+
+    configuration:
+        authenticate: all
+
+
+Here is a complete example:
+
+::
+
+    somecommand:
+        category_help: ..
+        actions:
+
+            ### somecommand_stuff()
+            stuff:
+                action_help: ...
+                api: GET /...
+                configuration:
+                    authenticate: all
+
+This will prompt the user for a password in CLI.
+
+If you only need to **read** LDAP (and not modify it, for example by listing
+domains), then you prevent the need for a password by using the
+:file:`ldap-anonymous` authenticator this way:
+
+::
+
+    configuration:
+        authenticate: all
+        authenticator: ldap-anonymous
+
+
+Once you have declared your command like that, your python function will
+received the :file:`auth` object as first argument, it will be used to talk to
+LDAP, so you need to declare your function this way:
+
+::
+
+    def somecommand_stuff(auth, ...):
+        ...
+
+auth in the moulinette code
+---------------------------
+
+The :file:`auth` object is an instance of :file:`moulinette.authenticators.ldap.Authenticator` class.
+
+Here its docstring:
+
+.. autoclass:: moulinette.authenticators.ldap.Authenticator
+
+LDAP Schema
+===========
+
+This is a generated example of the ldap schema provided by YunoHost
+(to generate this graph uses :file:`make ldap_graph`, you'll need graphviz):
+
+.. image:: ldap_graph.png
+
+Reading from LDAP
+=================
+
+Reading data from LDAP is done using the :file:`auth` object received as first
+argument of the python function. To see how to get this object read the
+previous section.
+
+The API looks like this:
+
+::
+
+    auth.search(ldap_path, ldap_query)
+
+This will return a list of dictionary with strings as keys and list as values.
+
+You can also specify a list of attributes you want to access from LDAP using a list of string (on only one string apparently):
+
+::
+
+    auth.search(ldap_path, ldap_query, ['first_attribute', 'another_attribute'])
+
+For example, if we request the user :file:`alice` with its :file:`homeDirectory`, this would look like this:
+
+::
+
+    auth.search('ou=users,dc=yunohost,dc=org', '(&(objectclass=person)(uid=alice))', ['homeDirectory', 'another_attribute'])
+
+And as a result we will get:
+
+::
+
+    [{'homeDirectory': ['/home/alice']}]
+
+Notice that even for a single result we get a **list** of result and that every
+value in the dictionary is also a **list** of values. This is not really convenient and it would be better to have a real ORM, but for now we are stuck with that.
+
+Apparently if we don't specify the list of attributes it seems that we get all attributes (need to be confirmed).
+
+Here is the method docstring:
+
+.. automethod:: moulinette.authenticators.ldap.Authenticator.search
+
+Users LDAP schema
+-----------------
+
+According to :file:`ldapvi` this is the user schema (on YunoHost >3.7):
+
+::
+
+    # path: uid=the_unix_username,ou=users,dc=yunohost,dc=org
+    uid: the_unix_username
+    objectClass: mailAccount
+    objectClass: inetOrgPerson
+    objectClass: posixAccount
+    objectClass: userPermissionYnh
+    loginShell: /bin/false
+    uidNumber: 80833
+    maildrop: the_unix_username  # why?
+    cn: first_name last_name
+    displayName: first_name last_name
+    mailuserquota: some_value
+    gidNumber: 80833
+    sn: last_name
+    homeDirectory: /home/the_unix_username
+    mail: the_unix_username@domain.com
+    # if the user is the admin he will also have the following mails
+    mail: root@domain.com
+    mail: admin@domain.com
+    mail: webmaster@domain.com
+    mail: postmaster@domain.com
+    givenName: first_name
+    memberOf: cn=the_unix_username,ou=groups,dc=yunohost,dc=org
+    memberOf: cn=all_users,ou=groups,dc=yunohost,dc=org
+    permission: cn=main.mail,ou=permission,dc=yunohost,dc=org
+    permission: cn=main.metronome,ou=permission,dc=yunohost,dc=org
+
+
+The admin user is a special case that looks like this:
+
+::
+
+    # path: cn=admin,dc=yunohost,dc=org
+    gidNumber: 1007
+    cn: admin
+    homeDirectory: /home/admin
+    objectClass: organizationalRole
+    objectClass: posixAccount
+    objectClass: simpleSecurityObject
+    loginShell: /bin/bash
+    description: LDAP Administrator
+    uidNumber: 1007
+    uid: admin
+
+Other user related schemas:
+
+::
+
+
+    # path: cn=admins,ou=groups,dc=yunohost,dc=org
+    objectClass: posixGroup
+    objectClass: top
+    memberUid: admin
+    gidNumber: 4001
+    cn: admins
+
+    # path: cn=admin,ou=sudo,dc=yunohost,dc=org
+    # this entry seems to specify which unix user is a sudoer
+    cn: admin
+    sudoCommand: ALL
+    sudoUser: admin
+    objectClass: sudoRole
+    objectClass: top
+    sudoOption: !authenticate
+    sudoHost: ALL
+
+Reading users from LDAP
+-----------------------
+
+The user schema is located at this path: :file:`ou=users,dc=yunohost,dc=org`
+
+According to already existing code, the queries we uses are:
+
+* :file:`'(&(objectclass=person)(!(uid=root))(!(uid=nobody)))'` to get all users (not that I've never encountered users with :file:`root` or :file:`nobody` uid in the ldap database, those might be there for historical reason)
+* :file:`'(&(objectclass=person)(uid=%s))' % username` to access one user data
+
+This give us the 2 following python calls:
+
+::
+
+    # all users
+    auth.search('ou=users,dc=yunohost,dc=org', '(&(objectclass=person)(!(uid=root))(!(uid=nobody)))')
+
+    # one user
+    auth.search('ou=users,dc=yunohost,dc=org', '(&(objectclass=person)(uid=some_username))')
+
+
+Apparently we could also access one user using the following path (and not query): :file:`uid=user_username,ou=users,dc=yunohost,dc=org` but I haven't test it.
+
+If you want specific attributes look at the general documentation on how to read from LDAP a bit above of this section.
+
+
+Group LDAP schema
+-----------------
+
+According to :file:`ldapvi` this is the user schema (on YunoHost >3.4):
+
+The groups will look like this:
+
+::
+
+    dn: cn=the_unix_username,ou=groups,dc=yunohost,dc=org
+    objectClass: top
+    objectClass: groupOfNamesYnh
+    objectClass: posixGroup
+    gidNumber: 48335
+    cn: the_unix_username
+    structuralObjectClass: posixGroup
+    member: uid=the_unix_username,ou=users,dc=yunohost,dc=org
+
+By default you will find in all case a group named `all_users` which will contains all Yunohost users.
+
+::
+
+    # path dn: cn=all_users,ou=groups,dc=yunohost,dc=org
+    objectClass: posixGroup
+    objectClass: groupOfNamesYnh
+    gidNumber: 4002
+    cn: all_users
+    structuralObjectClass: posixGroup
+    permission: cn=main.mail,ou=permission,dc=yunohost,dc=org
+    permission: cn=main.metronome,ou=permission,dc=yunohost,dc=org
+    member: uid=the_unix_username,ou=users,dc=yunohost,dc=org
+    memberUid: the_unix_username
+
+Reading group from LDAP
+-----------------------
+
+The group schema is located at this path: :file:`ou=groups,dc=yunohost,dc=org`
+
+The queries we uses are the 2 following python calls:
+
+::
+
+    # all groups
+    auth.search('ou=groups,dc=yunohost,dc=org', '(objectclass=groupOfNamesYnh)')
+
+    # one groups
+    auth.search(base='ou=groups,dc=yunohost,dc=org', filter='cn=' + groupname)
+
+
+Permission LDAP schema
+----------------------
+
+According to :file:`ldapvi` this is the user schema (on YunoHost >3.4):
+
+The permission will look like this:
+
+::
+
+    dn: cn=main.mail,ou=permission,dc=yunohost,dc=org
+    objectClass: posixGroup
+    objectClass: permissionYnh
+    gidNumber: 5001
+    groupPermission: cn=all_users,ou=groups,dc=yunohost,dc=org
+    cn: main.mail
+    structuralObjectClass: posixGroup
+    memberUid: the_unix_username
+    inheritPermission: uid=the_unix_username,ou=users,dc=yunohost,dc=org
+
+By default you will have a permission for the mail and for metronome. When you install an application a permission also created.
+
+Reading permissions from LDAP
+-----------------------------
+
+The permission schema is located at this path: :file:`ou=permission,dc=yunohost,dc=org`
+
+The queries we uses are the 2 following python calls:
+
+::
+
+    # For all permission
+    auth.search('ou=permission,dc=yunohost,dc=org', '(objectclass=permissionYnh)')
+
+    # For one permission
+    auth.search(base='ou=permission,dc=yunohost,dc=org', filter='cn=' + permission_name)
+
+Domain LDAP schema
+------------------
+
+According to :file:`ldapvi` this is the domain schema (on YunoHost 2.7):
+
+::
+
+    10 virtualdomain=domain.com,ou=domains,dc=yunohost,dc=org
+    objectClass: mailDomain
+    objectClass: top
+    virtualdomain: domain.com
+
+
+Adding data in LDAP
+===================
+
+If you add an object linked to user, group or permission you need run the function `permission_sync_to_user` to keep integrity of permission in LDAP.
+
+Adding stuff in LDAP seems pretty simple, according to existing code it looks like this:
+
+::
+
+    auth.add('key=%s,ou=some_location', {'attribute1': 'value', ...})
+
+They weird stuff is the path you need to create. This looks like that for domain and users:
+
+::
+
+    # domain
+    auth.add('virtualdomain=%s,ou=domains' % domain, attr_dict)
+
+    # user
+    auth.add('uid=%s,ou=users' % username, attr_dict)
+
+You need to respect the expected attributes. Refer to the schema for that.
+
+:file:`auth.add` seems to return something false when it failed (None probably)
+so you need to check it's return code.
+
+Here is the docstring:
+
+.. automethod:: moulinette.authenticators.ldap.Authenticator.add
+
+Adding user in LDAP
+-------------------
+
+Here is how it's done for a new user:
+
+::
+
+    auth.add('uid=%s,ou=users' % username, {
+        'objectClass': ['mailAccount', 'inetOrgPerson', 'posixAccount'],
+        'givenName': firstname,
+        'sn': lastname,
+        'displayName': '%s %s' % (firstname, lastname),
+        'cn': fullname,
+        'uid': username,
+        'mail': mail,
+        'maildrop': username,
+        'mailuserquota': mailbox_quota,
+        'userPassword': user_pwd,
+        'gidNumber': uid,
+        'uidNumber': uid,
+        'homeDirectory': '/home/' + username,
+        'loginShell': '/bin/false'
+    })
+
+Adding a domain in LDAP
+-----------------------
+
+Here is how it's done for a new domain:
+
+::
+
+    auth.add('virtualdomain=%s,ou=domains' % domain, {
+        'objectClass': ['mailDomain', 'top']
+        'virtualdomain': domain,
+    })
+
+Updating LDAP data
+==================
+
+If you add an object linked to user, group or permission you need run the function `permission_sync_to_user` to keep integrity of permission in LDAP.
+
+Update a user from LDAP looks like a simplified version of searching. The syntax is the following one:
+
+::
+
+    auth.update(exact_path_to_object, {'attribute_to_modify': 'new_value', 'another_attribute_to_modify': 'another_value', ...})
+
+For example this will update a user :file:`loginShell`:
+
+::
+
+    auth.update('uid=some_username,ou=users', {'loginShell': '/bin/bash'})
+
+I don't know how this call behave if it fails and what it returns.
+
+Here is the method docstring:
+
+.. automethod:: moulinette.authenticators.ldap.Authenticator.update
+
+Updating a user in LDAP
+-------------------------
+
+This is done this way:
+
+::
+
+    auth.update('uid=some_username,ou=users', {'attribute': 'new_value', ...})
+
+Refer to the user schema to know which attributes you can modify.
+
+Validate uniqueness
+===================
+
+There is a method to validate the uniqueness of some entry that is used during
+user creation. It's useful by example to be sure that we have no conflict about email between each user.
+
+Here is how it's used (I don't understand why a path is not provided):
+
+::
+
+    # Validate uniqueness of username and mail in LDAP
+    auth.validate_uniqueness({
+        'uid': username,
+        'mail': mail
+    })
+
+And here is its docstring:
+
+.. automethod:: moulinette.authenticators.ldap.Authenticator.validate_uniqueness
+
+Get conflict
+============
+
+Like the last function `validate_uniqueness` but give instead of rising an error this function return which attribute with witch value generate a conflict.
+
+::
+
+    # Validate uniqueness of groupname in LDAP
+    conflict = auth.get_conflict({
+        'cn': groupname
+    }, base_dn='ou=groups,dc=yunohost,dc=org')
+    if conflict:
+        raise YunohostError('group_name_already_exist', name=groupname)
+
+Remove entries from LDAP
+========================
+
+If you add an object linked to user, group or permission you need run the function `permission_sync_to_user` to keep integrity of permission in LDAP.
+
+Remove entries from LDAP is very simple, quite close to adding stuff except you don't need to specify the attributes dict, you just need to entrie path:
+
+::
+
+    auth.remove(path)
+
+Here how it looks like for domain and user:
+
+::
+
+    # domain
+    auth.remove('virtualdomain=%s,ou=domains' % domain)
+
+    # user
+    auth.remove('uid=%s,ou=users' % username)
+
+:file:`auth.remove` returns something that evaluate to False when it fails
+(:file:`None` ?) so you need to check it returns code.
+
+.. automethod:: moulinette.authenticators.ldap.Authenticator.remove
+
+Reading LDIF file
+=================
+
+Reading parsing a ldif to be able to insert in the LDAP database is really easy. Here is how to get the content of a LDIF file
+
+::
+
+    from moulinette.utils.filesystem import read_ldif
+
+    my_reslut = read_ldif("your_file.ldif")
+
+
+Note that the main difference of what the auth object return with the search method is that this function return a 2-tuples with the "dn" and the LDAP entry.
+
+=============================
+LDAP architecture in Yunohost
+=============================
+
+In Yunohost to be able to manage the user and the permission we use 3 parts:
+
+* User object
+* Permission object
+* Group object
+
+We can see the interaction between these object as this following:
+
+.. image:: Yunohost_LDAP_documentation/LDAP_Liaison_logique_entre_objets.png
+
+As you can see there are link between these 3 objets:
+
+* The first link is between the user and the group. It define which user is in which group. Note that all user has a group with his name. Note that in all Yunohost instance you have a group named `all_users`. In this group you will find all Yunohost users.
+* The second link is between the permission and the groups. This link is defined by the administrator. By default all permission are linked to the group `all_users`, so all user will be allowed to access to this permission.
+* The third link between the User and the Permission is more technical. It give the possibility to the application to get a list of all user allowed to access to. This link is dynamically generated by core. The function `permission_sync_to_user` in the module `permission` do this work.
+
+The option `force` of the function `permission_sync_to_user` is used when you add the data to LDAP with `slapadd`. `slapadd` update the LDAP database without the LDAP demon process. The advantage of this is that you can bypass the integrity check (like the link between the object by the memberOf overlay). The disadvantage is that the the memberOf overlay wont update anything so if you don't fix the integrity after after to run `slapadd`, the permission in LDAP might be corrupted. Running the function permission_sync_to_user` with the option `force` will do this work to fix all integrity error.
+
+To be able to have an attribute in both is of theses 3 link we use the `memberOf` overlay in LDAP. This following line define the configuration to have these 3 link dynamically updated :
+
+::
+
+    # Link user <-> group
+    #dn: olcOverlay={0}memberof,olcDatabase={1}mdb,cn=config
+    overlay                 memberof
+    memberof-group-oc       groupOfNamesYnh
+    memberof-member-ad      member
+    memberof-memberof-ad    memberOf
+    memberof-dangling       error
+    memberof-refint         TRUE
+
+    # Link permission <-> groupes
+    #dn: olcOverlay={1}memberof,olcDatabase={1}mdb,cn=config
+    overlay                 memberof
+    memberof-group-oc       permissionYnh
+    memberof-member-ad      groupPermission
+    memberof-memberof-ad    permission
+    memberof-dangling       error
+    memberof-refint         TRUE
+
+    # Link permission <-> user
+    #dn: olcOverlay={2}memberof,olcDatabase={1}mdb,cn=config
+    overlay                 memberof
+    memberof-group-oc       permissionYnh
+    memberof-member-ad      inheritPermission
+    memberof-memberof-ad    permission
+    memberof-dangling       error
+    memberof-refint         TRUE
+
+This foolwing example show how will be represented in LDAP as simple concept of permission.
+
+.. image:: Yunohost_LDAP_documentation/LDAP_Representation_logique.png
+
+This schema show what will be in LDAP in these following schema:
+
+.. image:: Yunohost_LDAP_documentation/Schema_LDAP_1.png
+.. image:: Yunohost_LDAP_documentation/Schema_LDAP_2.png
+
+=========================================
+LDAP integration in Yunohost applications
+=========================================
+
+To have a complete integration of LDAP in your application you need to configure LDAP as follow :
+
+::
+
+    Host:               ldap://localhost
+    Port:               389
+    Base DN:            dc=yunohost,dc=org
+    User DN:            ou=users,dc=yunohost,dc=org
+    Group DN:           ou=groups,dc=yunohost,dc=org
+    fiter :             (&(objectClass=posixAccount)(permission=cn=YOUR_APP.main,ou=permission,dc=yunohost,dc=org))
+    LDAP Username:      uid
+    LDAP Email Address: mail
+
+By this your application will get the list of all user allowed to access to your application.

doc/ldap_graph.dot

@@ -0,0 +1,583 @@
+strict digraph "<stdin>" {
+  rankdir=LR
+
+  fontname = "Helvetica"
+  fontsize = 10
+  splines  = true
+
+  node [
+    fontname = "Helvetica"
+    fontsize = 10
+    shape = "plaintext"
+  ]
+
+  edge [
+    fontname = "Helvetica"
+    fontsize = 10
+  ]
+
+
+
+  n0 [label=<
+    <TABLE BGCOLOR="palegoldenrod" BORDER="0" CELLBORDER="0" CELLSPACING="0">
+        <TR><TD CELLPADDING="4" ALIGN="CENTER" BGCOLOR="olivedrab4">
+    <FONT FACE="Helvetica Bold" COLOR="white">
+    dn: dc=yunohost,dc=org
+    </FONT></TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">objectClass: dcObject</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">objectClass: organization</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">o: yunohost.org</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">dc: yunohost</FONT>
+    </TD></TR>
+    </TABLE>
+  >]
+
+
+
+  n1 [label=<
+    <TABLE BGCOLOR="palegoldenrod" BORDER="0" CELLBORDER="0" CELLSPACING="0">
+        <TR><TD CELLPADDING="4" ALIGN="CENTER" BGCOLOR="olivedrab4">
+    <FONT FACE="Helvetica Bold" COLOR="white">
+    dn: cn=admin,dc=yunohost,dc=org
+    </FONT></TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">gidNumber: 1007</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">cn: admin</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">homeDirectory: /home/admin</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">objectClass: organizationalRole</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">objectClass: posixAccount</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">objectClass: simpleSecurityObject</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">loginShell: /bin/bash</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">description: LDAP Administrator</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">uidNumber: 1007</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">uid: admin</FONT>
+    </TD></TR>
+    </TABLE>
+  >]
+  n0->n1
+
+
+
+  n2 [label=<
+    <TABLE BGCOLOR="palegoldenrod" BORDER="0" CELLBORDER="0" CELLSPACING="0">
+        <TR><TD CELLPADDING="4" ALIGN="CENTER" BGCOLOR="olivedrab4">
+    <FONT FACE="Helvetica Bold" COLOR="white">
+    dn: ou=users,dc=yunohost,dc=org
+    </FONT></TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">objectClass: organizationalUnit</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">ou: users</FONT>
+    </TD></TR>
+    </TABLE>
+  >]
+  n0->n2
+
+
+
+  n3 [label=<
+    <TABLE BGCOLOR="palegoldenrod" BORDER="0" CELLBORDER="0" CELLSPACING="0">
+        <TR><TD CELLPADDING="4" ALIGN="CENTER" BGCOLOR="olivedrab4">
+    <FONT FACE="Helvetica Bold" COLOR="white">
+    dn: ou=domains,dc=yunohost,dc=org
+    </FONT></TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">objectClass: organizationalUnit</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">ou: domains</FONT>
+    </TD></TR>
+    </TABLE>
+  >]
+  n0->n3
+
+
+
+  n4 [label=<
+    <TABLE BGCOLOR="palegoldenrod" BORDER="0" CELLBORDER="0" CELLSPACING="0">
+        <TR><TD CELLPADDING="4" ALIGN="CENTER" BGCOLOR="olivedrab4">
+    <FONT FACE="Helvetica Bold" COLOR="white">
+    dn: ou=groups,dc=yunohost,dc=org
+    </FONT></TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">objectClass: organizationalUnit</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">ou: groups</FONT>
+    </TD></TR>
+    </TABLE>
+  >]
+  n0->n4
+
+
+
+  n5 [label=<
+    <TABLE BGCOLOR="palegoldenrod" BORDER="0" CELLBORDER="0" CELLSPACING="0">
+        <TR><TD CELLPADDING="4" ALIGN="CENTER" BGCOLOR="olivedrab4">
+    <FONT FACE="Helvetica Bold" COLOR="white">
+    dn: ou=sudo,dc=yunohost,dc=org
+    </FONT></TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">objectClass: organizationalUnit</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">ou: sudo</FONT>
+    </TD></TR>
+    </TABLE>
+  >]
+  n0->n5
+
+
+
+  n6 [label=<
+    <TABLE BGCOLOR="palegoldenrod" BORDER="0" CELLBORDER="0" CELLSPACING="0">
+        <TR><TD CELLPADDING="4" ALIGN="CENTER" BGCOLOR="olivedrab4">
+    <FONT FACE="Helvetica Bold" COLOR="white">
+    dn: ou=apps,dc=yunohost,dc=org
+    </FONT></TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">objectClass: organizationalUnit</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">ou: apps</FONT>
+    </TD></TR>
+    </TABLE>
+  >]
+  n0->n6
+
+
+
+  n7 [label=<
+    <TABLE BGCOLOR="palegoldenrod" BORDER="0" CELLBORDER="0" CELLSPACING="0">
+        <TR><TD CELLPADDING="4" ALIGN="CENTER" BGCOLOR="olivedrab4">
+    <FONT FACE="Helvetica Bold" COLOR="white">
+    dn: ou=permission,dc=yunohost,dc=org
+    </FONT></TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">objectClass: organizationalUnit</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">ou: permission</FONT>
+    </TD></TR>
+    </TABLE>
+  >]
+  n0->n7
+
+
+
+  n8 [label=<
+    <TABLE BGCOLOR="palegoldenrod" BORDER="0" CELLBORDER="0" CELLSPACING="0">
+        <TR><TD CELLPADDING="4" ALIGN="CENTER" BGCOLOR="olivedrab4">
+    <FONT FACE="Helvetica Bold" COLOR="white">
+    dn: cn=all_users,ou=groups,dc=yunohost,dc=org
+    </FONT></TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">objectClass: posixGroup</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">objectClass: groupOfNamesYnh</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">gidNumber: 4002</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">cn: all_users</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">permission: cn=main.mail,ou=permission,dc=yunohost,dc=org</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">permission: cn=main.metronome,ou=permission,dc=yunohost,dc=org</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">member: uid=alice,ou=users,dc=yunohost,dc=org</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">member: uid=example_admin_user,ou=users,dc=yunohost,dc=org</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">memberUid: alice</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">memberUid: example_admin_user</FONT>
+    </TD></TR>
+    </TABLE>
+  >]
+  n4->n8
+
+
+
+  n9 [label=<
+    <TABLE BGCOLOR="palegoldenrod" BORDER="0" CELLBORDER="0" CELLSPACING="0">
+        <TR><TD CELLPADDING="4" ALIGN="CENTER" BGCOLOR="olivedrab4">
+    <FONT FACE="Helvetica Bold" COLOR="white">
+    dn: cn=admins,ou=groups,dc=yunohost,dc=org
+    </FONT></TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">objectClass: posixGroup</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">memberUid: admin</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">gidNumber: 4001</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">cn: admins</FONT>
+    </TD></TR>
+    </TABLE>
+  >]
+  n4->n9
+
+
+
+  n10 [label=<
+    <TABLE BGCOLOR="palegoldenrod" BORDER="0" CELLBORDER="0" CELLSPACING="0">
+        <TR><TD CELLPADDING="4" ALIGN="CENTER" BGCOLOR="olivedrab4">
+    <FONT FACE="Helvetica Bold" COLOR="white">
+    dn: cn=admin,ou=sudo,dc=yunohost,dc=org
+    </FONT></TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">cn: admin</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">sudoCommand: ALL</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">sudoUser: admin</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">objectClass: sudoRole</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">sudoOption: !authenticate</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">sudoHost: ALL</FONT>
+    </TD></TR>
+    </TABLE>
+  >]
+  n5->n10
+
+
+
+  n11 [label=<
+    <TABLE BGCOLOR="palegoldenrod" BORDER="0" CELLBORDER="0" CELLSPACING="0">
+        <TR><TD CELLPADDING="4" ALIGN="CENTER" BGCOLOR="olivedrab4">
+    <FONT FACE="Helvetica Bold" COLOR="white">
+    dn: cn=main.mail,ou=permission,dc=yunohost,dc=org
+    </FONT></TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">objectClass: posixGroup</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">objectClass: permissionYnh</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">gidNumber: 5001</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">groupPermission: cn=all_users,ou=groups,dc=yunohost,dc=org</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">cn: main.mail</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">memberUid: alice</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">memberUid: example_admin_user</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">inheritPermission: uid=alice,ou=users,dc=yunohost,dc=org</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">inheritPermission: uid=example_admin_user,ou=users,dc=yunohost,dc=org</FONT>
+    </TD></TR>
+    </TABLE>
+  >]
+  n7->n11
+
+
+
+  n12 [label=<
+    <TABLE BGCOLOR="palegoldenrod" BORDER="0" CELLBORDER="0" CELLSPACING="0">
+        <TR><TD CELLPADDING="4" ALIGN="CENTER" BGCOLOR="olivedrab4">
+    <FONT FACE="Helvetica Bold" COLOR="white">
+    dn: cn=main.metronome,ou=permission,dc=yunohost,dc=org
+    </FONT></TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">objectClass: posixGroup</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">objectClass: permissionYnh</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">gidNumber: 5002</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">groupPermission: cn=all_users,ou=groups,dc=yunohost,dc=org</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">cn: main.metronome</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">memberUid: alice</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">memberUid: example_admin_user</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">inheritPermission: uid=alice,ou=users,dc=yunohost,dc=org</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">inheritPermission: uid=example_admin_user,ou=users,dc=yunohost,dc=org</FONT>
+    </TD></TR>
+    </TABLE>
+  >]
+  n7->n12
+
+
+
+  n13 [label=<
+    <TABLE BGCOLOR="palegoldenrod" BORDER="0" CELLBORDER="0" CELLSPACING="0">
+        <TR><TD CELLPADDING="4" ALIGN="CENTER" BGCOLOR="olivedrab4">
+    <FONT FACE="Helvetica Bold" COLOR="white">
+    dn: virtualdomain=domain.com,ou=domains,dc=yunohost,dc=org
+    </FONT></TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">objectClass: mailDomain</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">virtualdomain: domain.com</FONT>
+    </TD></TR>
+    </TABLE>
+  >]
+  n3->n13
+
+
+
+  n14 [label=<
+    <TABLE BGCOLOR="palegoldenrod" BORDER="0" CELLBORDER="0" CELLSPACING="0">
+        <TR><TD CELLPADDING="4" ALIGN="CENTER" BGCOLOR="olivedrab4">
+    <FONT FACE="Helvetica Bold" COLOR="white">
+    dn: uid=example_admin_user,ou=users,dc=yunohost,dc=org
+    </FONT></TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">uid: example_admin_user</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">objectClass: mailAccount</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">objectClass: inetOrgPerson</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">objectClass: posixAccount</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">objectClass: userPermissionYnh</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">loginShell: /bin/false</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">uidNumber: 23431</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">maildrop: example_admin_user</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">cn: firstname lastname</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">displayName: firstname lastname</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">mailuserquota: 0</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">gidNumber: 23431</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">sn: lastname</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">homeDirectory: /home/example_admin_user</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">mail: example_admin_user@domain.com</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">mail: root@domain.com</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">mail: admin@domain.com</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">mail: webmaster@domain.com</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">mail: postmaster@domain.com</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">givenName: firstname</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">permission: cn=main.mail,ou=permission,dc=yunohost,dc=org</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">permission: cn=main.metronome,ou=permission,dc=yunohost,dc=org</FONT>
+    </TD></TR>
+    </TABLE>
+  >]
+  n2->n14
+
+
+
+  n15 [label=<
+    <TABLE BGCOLOR="palegoldenrod" BORDER="0" CELLBORDER="0" CELLSPACING="0">
+        <TR><TD CELLPADDING="4" ALIGN="CENTER" BGCOLOR="olivedrab4">
+    <FONT FACE="Helvetica Bold" COLOR="white">
+    dn: cn=example_admin_user,ou=groups,dc=yunohost,dc=org
+    </FONT></TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">objectClass: groupOfNamesYnh</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">objectClass: posixGroup</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">gidNumber: 23431</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">cn: example_admin_user</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">member: uid=example_admin_user,ou=users,dc=yunohost,dc=org</FONT>
+    </TD></TR>
+    </TABLE>
+  >]
+  n4->n15
+
+
+
+  n16 [label=<
+    <TABLE BGCOLOR="palegoldenrod" BORDER="0" CELLBORDER="0" CELLSPACING="0">
+        <TR><TD CELLPADDING="4" ALIGN="CENTER" BGCOLOR="olivedrab4">
+    <FONT FACE="Helvetica Bold" COLOR="white">
+    dn: uid=alice,ou=users,dc=yunohost,dc=org
+    </FONT></TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">uid: alice</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">objectClass: mailAccount</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">objectClass: inetOrgPerson</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">objectClass: posixAccount</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">objectClass: userPermissionYnh</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">loginShell: /bin/false</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">uidNumber: 98803</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">maildrop: alice</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">cn: alice pouet</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">displayName: alice pouet</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">mailuserquota: 0</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">gidNumber: 98803</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">sn: pouet</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">homeDirectory: /home/alice</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">mail: alice@domain.com</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">givenName: alice</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">permission: cn=main.mail,ou=permission,dc=yunohost,dc=org</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">permission: cn=main.metronome,ou=permission,dc=yunohost,dc=org</FONT>
+    </TD></TR>
+    </TABLE>
+  >]
+  n2->n16
+
+
+
+  n17 [label=<
+    <TABLE BGCOLOR="palegoldenrod" BORDER="0" CELLBORDER="0" CELLSPACING="0">
+        <TR><TD CELLPADDING="4" ALIGN="CENTER" BGCOLOR="olivedrab4">
+    <FONT FACE="Helvetica Bold" COLOR="white">
+    dn: cn=alice,ou=groups,dc=yunohost,dc=org
+    </FONT></TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">objectClass: groupOfNamesYnh</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">objectClass: posixGroup</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">gidNumber: 98803</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">cn: alice</FONT>
+    </TD></TR>
+        <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">member: uid=alice,ou=users,dc=yunohost,dc=org</FONT>
+    </TD></TR>
+    </TABLE>
+  >]
+  n4->n17
+
+}
+

doc/ldapsearch.result

@@ -0,0 +1,196 @@
+# extended LDIF
+#
+# LDAPv3
+# base <dc=yunohost,dc=org> with scope subtree
+# filter: (objectclass=*)
+# requesting: ALL
+#
+
+# yunohost.org
+dn: dc=yunohost,dc=org
+objectClass: top
+objectClass: dcObject
+objectClass: organization
+o: yunohost.org
+dc: yunohost
+
+# admin, yunohost.org
+dn: cn=admin,dc=yunohost,dc=org
+gidNumber: 1007
+cn: admin
+homeDirectory: /home/admin
+objectClass: organizationalRole
+objectClass: posixAccount
+objectClass: simpleSecurityObject
+loginShell: /bin/bash
+description: LDAP Administrator
+uidNumber: 1007
+uid: admin
+
+# users, yunohost.org
+dn: ou=users,dc=yunohost,dc=org
+objectClass: organizationalUnit
+objectClass: top
+ou: users
+
+# domains, yunohost.org
+dn: ou=domains,dc=yunohost,dc=org
+objectClass: organizationalUnit
+objectClass: top
+ou: domains
+
+# groups, yunohost.org
+dn: ou=groups,dc=yunohost,dc=org
+objectClass: organizationalUnit
+objectClass: top
+ou: groups
+
+# sudo, yunohost.org
+dn: ou=sudo,dc=yunohost,dc=org
+objectClass: organizationalUnit
+objectClass: top
+ou: sudo
+
+# apps, yunohost.org
+dn: ou=apps,dc=yunohost,dc=org
+objectClass: organizationalUnit
+objectClass: top
+ou: apps
+
+# permission, yunohost.org
+dn: ou=permission,dc=yunohost,dc=org
+objectClass: organizationalUnit
+objectClass: top
+ou: permission
+
+# all_users, groups, yunohost.org
+dn: cn=all_users,ou=groups,dc=yunohost,dc=org
+objectClass: posixGroup
+objectClass: groupOfNamesYnh
+gidNumber: 4002
+cn: all_users
+permission: cn=main.mail,ou=permission,dc=yunohost,dc=org
+permission: cn=main.metronome,ou=permission,dc=yunohost,dc=org
+member: uid=alice,ou=users,dc=yunohost,dc=org
+member: uid=example_admin_user,ou=users,dc=yunohost,dc=org
+memberUid: alice
+memberUid: example_admin_user
+
+# admins, groups, yunohost.org
+dn: cn=admins,ou=groups,dc=yunohost,dc=org
+objectClass: posixGroup
+objectClass: top
+memberUid: admin
+gidNumber: 4001
+cn: admins
+
+# admin, sudo, yunohost.org
+dn: cn=admin,ou=sudo,dc=yunohost,dc=org
+cn: admin
+sudoCommand: ALL
+sudoUser: admin
+objectClass: sudoRole
+objectClass: top
+sudoOption: !authenticate
+sudoHost: ALL
+
+# main.mail, permission, yunohost.org
+dn: cn=main.mail,ou=permission,dc=yunohost,dc=org
+objectClass: posixGroup
+objectClass: permissionYnh
+gidNumber: 5001
+groupPermission: cn=all_users,ou=groups,dc=yunohost,dc=org
+cn: main.mail
+memberUid: alice
+memberUid: example_admin_user
+inheritPermission: uid=alice,ou=users,dc=yunohost,dc=org
+inheritPermission: uid=example_admin_user,ou=users,dc=yunohost,dc=org
+
+# main.metronome, permission, yunohost.org
+dn: cn=main.metronome,ou=permission,dc=yunohost,dc=org
+objectClass: posixGroup
+objectClass: permissionYnh
+gidNumber: 5002
+groupPermission: cn=all_users,ou=groups,dc=yunohost,dc=org
+cn: main.metronome
+memberUid: alice
+memberUid: example_admin_user
+inheritPermission: uid=alice,ou=users,dc=yunohost,dc=org
+inheritPermission: uid=example_admin_user,ou=users,dc=yunohost,dc=org
+
+# domain.com, domains, yunohost.org
+dn: virtualdomain=domain.com,ou=domains,dc=yunohost,dc=org
+objectClass: mailDomain
+objectClass: top
+virtualdomain: domain.com
+
+# example_admin_user, users, yunohost.org
+dn: uid=example_admin_user,ou=users,dc=yunohost,dc=org
+uid: example_admin_user
+objectClass: mailAccount
+objectClass: inetOrgPerson
+objectClass: posixAccount
+objectClass: userPermissionYnh
+loginShell: /bin/false
+uidNumber: 23431
+maildrop: example_admin_user
+cn: firstname lastname
+displayName: firstname lastname
+mailuserquota: 0
+gidNumber: 23431
+sn: lastname
+homeDirectory: /home/example_admin_user
+mail: example_admin_user@domain.com
+mail: root@domain.com
+mail: admin@domain.com
+mail: webmaster@domain.com
+mail: postmaster@domain.com
+givenName: firstname
+permission: cn=main.mail,ou=permission,dc=yunohost,dc=org
+permission: cn=main.metronome,ou=permission,dc=yunohost,dc=org
+
+# example_admin_user, groups, yunohost.org
+dn: cn=example_admin_user,ou=groups,dc=yunohost,dc=org
+objectClass: top
+objectClass: groupOfNamesYnh
+objectClass: posixGroup
+gidNumber: 23431
+cn: example_admin_user
+member: uid=example_admin_user,ou=users,dc=yunohost,dc=org
+
+# alice, users, yunohost.org
+dn: uid=alice,ou=users,dc=yunohost,dc=org
+uid: alice
+objectClass: mailAccount
+objectClass: inetOrgPerson
+objectClass: posixAccount
+objectClass: userPermissionYnh
+loginShell: /bin/false
+uidNumber: 98803
+maildrop: alice
+cn: alice pouet
+displayName: alice pouet
+mailuserquota: 0
+gidNumber: 98803
+sn: pouet
+homeDirectory: /home/alice
+mail: alice@domain.com
+givenName: alice
+permission: cn=main.mail,ou=permission,dc=yunohost,dc=org
+permission: cn=main.metronome,ou=permission,dc=yunohost,dc=org
+
+# alice, groups, yunohost.org
+dn: cn=alice,ou=groups,dc=yunohost,dc=org
+objectClass: top
+objectClass: groupOfNamesYnh
+objectClass: posixGroup
+gidNumber: 98803
+cn: alice
+member: uid=alice,ou=users,dc=yunohost,dc=org
+
+# search result
+search: 2
+result: 0 Success
+
+# numResponses: 19
+# numEntries: 18

doc/ldif2dot-0.1.py

@@ -0,0 +1,213 @@
+#!/usr/bin/python
+# A simple script to convert an LDIF file to DOT format for drawing graphs.
+# Copyright 2009 Marcin Owsiany <marcin@owsiany.pl>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+"""A simple script to convert an LDIF file to DOT format for drawing graphs.
+
+So far it only supports the most basic form of entry records: "attrdesc: value".
+In particular line continuations, BASE64 or other encodings, change records,
+include statements, etc...  are not supported.
+
+Example usage, assuming your DIT's base is dc=nodomain:
+
+ldapsearch -x -b 'dc=nodomain' | \\
+  ldif2dot | \\
+  dot -o nodomain.png -Nshape=box -Tpng /dev/stdin
+
+"""
+
+
+import sys
+
+
+class Element:
+    """Represents an LDIF entry."""
+
+    def __init__(self):
+        """Initializes an object."""
+        self.attributes = []
+
+    def __repr__(self):
+        """Returns a basic state dump."""
+        return "Element" + str(self.index) + str(self.attributes)
+
+    def add(self, line):
+        """Adds a line of input to the object.
+
+        Args:
+         - line: a string with trailing newline stripped
+
+        Returns: True if this object is ready for processing (i.e. a separator
+        line was passed). Otherwise returns False. Behaviour is undefined if
+        this method is called after a previous invocation has returned True.
+        """
+
+        def _valid(line):
+            return line and not line.startswith("#")
+
+        def _interesting(line):
+            return line != "objectClass: top"
+
+        if self.is_valid() and not _valid(line):
+            return True
+        if _valid(line) and _interesting(line):
+            self.attributes.append(line)
+        return False
+
+    def is_valid(self):
+        """Indicates whether a valid entry has been read."""
+        return len(self.attributes) != 0 and self.attributes[0].startswith("dn: ")
+
+    def dn(self):
+        """Returns the DN for this entry."""
+        if self.attributes[0].startswith("dn: "):
+            return self.attributes[0][4:]
+        else:
+            return None
+
+    def edge(self, dnmap):
+        """Returns a text represenation of a grapsh edge.
+
+        Finds its parent in provided dnmap (dictionary mapping dn names to
+        Element objects) and returns a string which declares a DOT edge, or an
+        empty string, if no parent was found.
+        """
+        dn_components = self.dn().split(",")
+        for i in range(1, len(dn_components) + 1):
+            parent = ",".join(dn_components[i:])
+            if parent in dnmap:
+                return "  n%d->n%d\n" % (dnmap[parent].index, self.index)
+        return ""
+
+    def dot(self, dnmap):
+        """Returns a text representation of the node and perhaps its parent edge.
+
+        Args:
+         - dnmap: dictionary mapping dn names to Element objects
+        """
+
+        def _format(attributes):
+            result = [TITLE_ENTRY_TEMPALTE % attributes[0]]
+
+            for attribute in attributes[1:]:
+                result.append(ENTRY_TEMPALTE % attribute)
+
+            return result
+
+        return TABLE_TEMPLATE % (
+            self.index,
+            "\n    ".join(_format(self.attributes)),
+            self.edge(dnmap),
+        )
+
+
+class Converter:
+    """An LDIF to DOT converter."""
+
+    def __init__(self):
+        """Initializes the object."""
+        self.elements = []
+        self.dnmap = {}
+
+    def _append(self, e):
+        """Adds an element to internal list and map.
+
+        First sets it up with an index in the list, for node naming.
+        """
+        index = len(self.elements)
+        e.index = index
+        self.elements.append(e)
+        self.dnmap[e.dn()] = e
+
+    def parse(self, file, name):
+        """Reads the given file into memory.
+
+        Args:
+         - file: an object which yields text lines on iteration.
+         - name: a name for the graph
+
+        Returns a string containing the graph in DOT format.
+        """
+        e = Element()
+        for line in file:
+            line = line.rstrip()
+            if e.add(line):
+                self._append(e)
+                e = Element()
+        if e.is_valid():
+            self._append(e)
+        return BASE_TEMPLATE % (
+            name,
+            "".join([e.dot(self.dnmap) for e in self.elements]),
+        )
+
+
+BASE_TEMPLATE = """\
+strict digraph "%s" {
+  rankdir=LR
+
+  fontname = "Helvetica"
+  fontsize = 10
+  splines  = true
+
+  node [
+    fontname = "Helvetica"
+    fontsize = 10
+    shape = "plaintext"
+  ]
+
+  edge [
+    fontname = "Helvetica"
+    fontsize = 10
+  ]
+
+%s}
+"""
+
+TABLE_TEMPLATE = """\n
+  n%d [label=<
+    <TABLE BGCOLOR="palegoldenrod" BORDER="0" CELLBORDER="0" CELLSPACING="0">
+    %s
+    </TABLE>
+  >]
+%s
+"""
+
+TITLE_ENTRY_TEMPALTE = """\
+    <TR><TD CELLPADDING="4" ALIGN="CENTER" BGCOLOR="olivedrab4">
+    <FONT FACE="Helvetica Bold" COLOR="white">
+    %s
+    </FONT></TD></TR>\
+"""
+
+ENTRY_TEMPALTE = """\
+    <TR><TD BORDER="0" ALIGN="LEFT">
+    <FONT FACE="Helvetica Bold">%s</FONT>
+    </TD></TR>\
+"""
+
+
+if __name__ == "__main__":
+    if len(sys.argv) > 2:
+        raise "Expected at most one argument."
+    elif len(sys.argv) == 2:
+        name = sys.argv[1]
+        file = open(sys.argv[1], "r")
+    else:
+        name = "<stdin>"
+        file = sys.stdin
+    print(Converter().parse(file, name))

doc/m18n.rst

@@ -0,0 +1,38 @@
+Translations using the m18n object
+==================================
+
+The moulinette provides a way to do translations and YunoHost uses it. This is
+done via the `m18n` object that you can import this way:
+
+::
+
+    from moulinette import m18n
+
+The `m18n` object comes with 2 method:
+
+* `m18n.n` to uses for translations within YunoHost
+* `m18n.g` to uses for translations within Moulinette itself
+
+Their API is identical.
+
+Here are example of uses:
+
+::
+
+    m18n.n('some_translation_key')
+    m18n.g('some_translation_key')
+
+    m18n.n('some_translation_key', string_formating_argument_1=some_variable)
+    m18n.g('some_translation_key', string_formating_argument_1=some_variable)
+
+The translation key must be present in `locales/en.json` of either YunoHost
+(for `.n`) or moulinette (for `.g`).
+
+Docstring
+---------
+
+As a reference, here are the docstrings of the m18n class:
+
+.. autoclass:: moulinette.core.Moulinette18n
+.. automethod:: moulinette.core.Moulinette18n.n
+.. automethod:: moulinette.core.Moulinette18n.g

doc/make.bat

@@ -0,0 +1,36 @@
+@ECHO OFF
+
+pushd %~dp0
+
+REM Command file for Sphinx documentation
+
+if "%SPHINXBUILD%" == "" (
+	set SPHINXBUILD=python -msphinx
+)
+set SOURCEDIR=.
+set BUILDDIR=_build
+set SPHINXPROJ=Moulinette
+
+if "%1" == "" goto help
+
+%SPHINXBUILD% >NUL 2>NUL
+if errorlevel 9009 (
+	echo.
+	echo.The Sphinx module was not found. Make sure you have Sphinx installed,
+	echo.then set the SPHINXBUILD environment variable to point to the full
+	echo.path of the 'sphinx-build' executable. Alternatively you may add the
+	echo.Sphinx directory to PATH.
+	echo.
+	echo.If you don't have Sphinx installed, grab it from
+	echo.http://sphinx-doc.org/
+	exit /b 1
+)
+
+%SPHINXBUILD% -M %1 %SOURCEDIR% %BUILDDIR% %SPHINXOPTS%
+goto end
+
+:help
+%SPHINXBUILD% -M help %SOURCEDIR% %BUILDDIR% %SPHINXOPTS%
+
+:end
+popd

doc/requirements.txt

@@ -0,0 +1,4 @@
+sphinx
+mock
+pyyaml
+toml

doc/utils/filesystem.rst

@@ -0,0 +1,14 @@
+File system operation utils
+===========================
+
+.. autofunction:: moulinette.utils.filesystem.read_file
+.. autofunction:: moulinette.utils.filesystem.read_json
+.. autofunction:: moulinette.utils.filesystem.read_yaml
+.. autofunction:: moulinette.utils.filesystem.read_toml
+.. autofunction:: moulinette.utils.filesystem.write_to_file
+.. autofunction:: moulinette.utils.filesystem.append_to_file
+.. autofunction:: moulinette.utils.filesystem.write_to_json
+.. autofunction:: moulinette.utils.filesystem.mkdir
+.. autofunction:: moulinette.utils.filesystem.chown
+.. autofunction:: moulinette.utils.filesystem.chmod
+.. autofunction:: moulinette.utils.filesystem.rm

doc/utils/network.rst

@@ -0,0 +1,5 @@
+Network operation utils
+=======================
+
+.. autofunction:: moulinette.utils.network.download_text
+.. autofunction:: moulinette.utils.network.download_json

doc/utils/process.rst

@@ -0,0 +1,7 @@
+Process operation utils
+=======================
+
+.. autofunction:: moulinette.utils.process.check_output
+.. autofunction:: moulinette.utils.process.call_async_output
+.. autofunction:: moulinette.utils.process.run_commands
+.. autofunction:: moulinette.utils.process.LogPipe

doc/utils/text.rst

@@ -0,0 +1,7 @@
+Text operation utils
+====================
+
+.. autofunction:: moulinette.utils.text.search
+.. autofunction:: moulinette.utils.text.searchf
+.. autofunction:: moulinette.utils.text.prependlines
+.. autofunction:: moulinette.utils.text.random_ascii

generate_api_doc.py

@@ -1,181 +0,0 @@
-#!/usr/bin/env python
-# -*- coding: utf-8 -*-
-
-""" License
-
-    Copyright (C) 2013 YunoHost
-
-    This program is free software; you can redistribute it and/or modify
-    it under the terms of the GNU Affero General Public License as published
-    by the Free Software Foundation, either version 3 of the License, or
-    (at your option) any later version.
-
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU Affero General Public License for more details.
-
-    You should have received a copy of the GNU Affero General Public License
-    along with this program; if not, see http://www.gnu.org/licenses
-
-"""
-
-"""
-    Generate JSON specification files API
-"""
-import os
-import sys
-import yaml
-import json
-import requests
-from yunohost import str_to_func, __version__
-
-def main():
-    """
-
-    """
-    with open('action_map.yml') as f:
-        action_map = yaml.load(f)
-
-    try:
-        with open('/etc/yunohost/current_host', 'r') as f:
-            domain = f.readline().rstrip()
-    except IOError:
-        domain = requests.get('http://ip.yunohost.org').text
-
-    with open('action_map.yml') as f:
-        action_map = yaml.load(f)
-
-    resource_list = {
-        'apiVersion': __version__,
-        'swaggerVersion': '1.1',
-        'basePath': 'http://'+ domain + ':6767',
-        'apis': []
-    }
-
-    resources = {}
-
-    del action_map['general_arguments']
-    for category, category_params in action_map.items():
-        if 'category_help' not in category_params: category_params['category_help'] = ''
-        resource_path = '/api/'+ category
-        resource_list['apis'].append({
-            'path': resource_path,
-            'description': category_params['category_help']
-        })
-        resources[category] = {
-            'apiVersion': __version__,
-            'swaggerVersion': '1.1',
-            'basePath': 'http://'+ domain + ':6767',
-            'apis': []
-        }
-
-        resources[category]['resourcePath'] = resource_path
-
-        registered_paths = {}
-
-        for action, action_params in category_params['actions'].items():
-            if 'action_help' not in action_params:
-                action_params['action_help'] = ''
-            if 'api' not in action_params:
-                action_params['api'] = 'GET /'+ category +'/'+ action
-
-            method, path = action_params['api'].split(' ')
-            key_param = ''
-            if '{' in path:
-                key_param = path[path.find("{")+1:path.find("}")]
-
-            notes = ''
-            if str_to_func('yunohost_'+ category +'.'+ category +'_'+ action) is None:
-                notes = 'Not yet implemented'
-
-            operation = {
-                'httpMethod': method,
-                'nickname': category +'_'+ action,
-                'summary': action_params['action_help'],
-                'notes': notes,
-                'errorResponses': []
-            }
-
-            if 'arguments' in action_params:
-                operation['parameters'] = []
-                for arg_name, arg_params in action_params['arguments'].items():
-                    if 'help' not in arg_params:
-                        arg_params['help'] = ''
-                    param_type = 'query'
-                    allow_multiple = False
-                    required = True
-                    allowable_values = None
-                    name = arg_name.replace('-', '_')
-                    if name[0] == '_':
-                        required = False
-                        if 'full' in arg_params:
-                            name = arg_params['full'][2:]
-                        else:
-                            name = name[2:]
-                        name = name.replace('-', '_')
-
-                    if 'nargs' in arg_params:
-                        if arg_params['nargs'] == '*':
-                            allow_multiple = True
-                            required = False
-                        if arg_params['nargs'] == '+':
-                            allow_multiple = False
-                            required = True
-                    else:
-                        allow_multiple = False
-                    if 'choices' in arg_params:
-                        allowable_values = {
-                            'valueType': 'LIST',
-                            'values': arg_params['choices']
-                        }
-                    if 'action' in arg_params and arg_params['action'] == 'store_true':
-                        allowable_values = {
-                            'valueType': 'LIST',
-                            'values': ['true', 'false']
-                        }
-
-                    if name == key_param:
-                        param_type = 'path'
-                        required = True
-                        allow_multiple = False
-
-                    parameters = {
-                        'paramType': param_type,
-                        'name': name,
-                        'description': arg_params['help'],
-                        'dataType': 'string',
-                        'required': required,
-                        'allowMultiple': allow_multiple
-                    }
-                    if allowable_values is not None:
-                        parameters['allowableValues'] = allowable_values
-
-                    operation['parameters'].append(parameters)
-
-
-            if path in registered_paths:
-                resources[category]['apis'][registered_paths[path]]['operations'].append(operation)
-                resources[category]['apis'][registered_paths[path]]['description'] = ''
-            else:
-                registered_paths[path] = len(resources[category]['apis'])
-                resources[category]['apis'].append({
-                    'path': path,
-                    'description': action_params['action_help'],
-                    'operations': [operation]
-                })
-
-
-    try: os.listdir(os.getcwd() +'/doc')
-    except OSError: os.makedirs(os.getcwd() +'/doc')
-
-    for category, api_dict in resources.items():
-        with open(os.getcwd() +'/doc/'+ category +'.json', 'w') as f:
-              json.dump(api_dict, f)
-
-    with open(os.getcwd() +'/doc/resources.json', 'w') as f:
-        json.dump(resource_list, f)
-
-
-if __name__ == '__main__':
-    sys.exit(main())

generate_function_doc.py

@@ -1,114 +0,0 @@
-#!/usr/bin/env python
-# -*- coding: utf-8 -*-
-
-""" License
-
-    Copyright (C) 2013 YunoHost
-
-    This program is free software; you can redistribute it and/or modify
-    it under the terms of the GNU Affero General Public License as published
-    by the Free Software Foundation, either version 3 of the License, or
-    (at your option) any later version.
-
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU Affero General Public License for more details.
-
-    You should have received a copy of the GNU Affero General Public License
-    along with this program; if not, see http://www.gnu.org/licenses
-
-"""
-
-"""
-    Generate function header documentation
-"""
-import os
-import sys
-import yaml
-import re
-
-def main():
-    """
-
-    """
-    with open('action_map.yml') as f:
-        action_map = yaml.load(f)
-
-    resources = {}
-
-    del action_map['general_arguments']
-    for category, category_params in action_map.items():
-        if 'category_help' not in category_params: category_params['category_help'] = ''
-
-        with open('yunohost_'+ category +'.py', 'r') as f:
-            lines = f.readlines()
-        with open('yunohost_'+ category +'.py', 'w') as f:
-            in_block = False
-            for line in lines:
-                if in_block:
-                    if re.search(r'^"""', line):
-                        in_block = False
-                        f.write('\n')
-                        f.write('    '+ category_params['category_help'] +'\n')
-                        f.write('"""\n')
-                else:
-                    f.write(line)
-
-                if re.search(r'^""" yunohost_'+ category, line):
-                    in_block = True
-
-        for action, action_params in category_params['actions'].items():
-            if 'action_help' not in action_params:
-                action_params['action_help'] = ''
-
-            help_lines = [
-                '    """',
-                '    '+ action_params['action_help'],
-                ''
-            ]
-
-            if 'arguments' in action_params:
-                help_lines.append('    Keyword argument:')
-                for arg_name, arg_params in action_params['arguments'].items():
-                    if 'help' in arg_params:
-                        help = ' -- '+ arg_params['help']
-                    else:
-                        help = ''
-                    name = arg_name.replace('-', '_')
-                    if name[0] == '_':
-                        required = False
-                        if 'full' in arg_params:
-                            name = arg_params['full'][2:]
-                        else:
-                            name = name[2:]
-                        name = name.replace('-', '_')
-
-                    help_lines.append('        '+ name + help)
-
-            help_lines.append('')
-            help_lines.append('    """')
-
-            with open('yunohost_'+ category +'.py', 'r') as f:
-                lines = f.readlines()
-            with open('yunohost_'+ category +'.py', 'w') as f:
-                in_block = False
-                first_quotes = True
-                for line in lines:
-                    if in_block:
-                        if re.search(r'^    """', line):
-                            if first_quotes:
-                                first_quotes = False
-                            else:
-                                in_block = False
-                                for help_line in help_lines:
-                                    f.write(help_line +'\n')
-                    else:
-                        f.write(line)
-
-                    if re.search(r'^def '+ category +'_'+ action +'\(', line):
-                        in_block = True
-
-
-if __name__ == '__main__':
-    sys.exit(main())

lib/test/test.py

@@ -1,19 +0,0 @@
-
-def test_non_auth():
-    return {'action': 'non-auth'}
-
-def test_auth(auth):
-    return {'action': 'auth',
-            'authenticator': 'default', 'authenticate': 'all'}
-
-def test_auth_profile(auth):
-    return {'action': 'auth-profile',
-            'authenticator': 'test-profile', 'authenticate': 'all'}
-
-def test_auth_cli():
-    return {'action': 'auth-cli',
-            'authenticator': 'default', 'authenticate': ['cli']}
-
-def test_anonymous():
-    return {'action': 'anonymous',
-            'authenticator': 'ldap-anonymous', 'authenticate': 'all'}

locales/ar.json

@@ -0,0 +1,47 @@
+{
+    "argument_required": "المُعامِل '{argument}' مطلوب",
+    "authentication_required": "المصادقة مطلوبة",
+    "confirm": "تأكيد {prompt}",
+    "deprecated_command": "'{prog} {command}' تم التخلي عنه و سوف تتم إزالته مستقبلا",
+    "deprecated_command_alias": "'{prog} {old}' تم التخلي عنه و سوف يتم إزالته مستقبلا، إستخدم '{prog} {new}' بدلا من ذلك",
+    "error": "خطأ :",
+    "file_not_exist": "الملف غير موجود : '{path}'",
+    "folder_exists": "إنّ المجلد موجود من قبل : '{path}'",
+    "instance_already_running": "هناك بالفعل عملية YunoHost جارية. الرجاء الانتظار حتى ينتهي الأمر قبل تشغيل آخر.",
+    "invalid_argument": "المُعامِل غير صالح '{argument}': {error}",
+    "invalid_usage": "إستعمال غير صالح، إستخدم --help لعرض المساعدة",
+    "logged_in": "مُتّصل",
+    "logged_out": "تم تسجيل خروجك",
+    "not_logged_in": "لم تقم بعدُ بتسجيل دخولك",
+    "operation_interrupted": "تم توقيف العملية",
+    "password": "كلمة السر",
+    "pattern_not_match": "لا يتطابق مع النموذج",
+    "root_required": "يتوجب عليك أن تكون مدير الجذر root للقيام بهذا الإجراء",
+    "server_already_running": "هناك خادم يشتغل على ذاك المنفذ",
+    "success": "تم بنجاح !",
+    "unable_authenticate": "تعذرت المصادقة",
+    "unknown_group": "الفريق '{group}' مجهول",
+    "unknown_user": "المستخدم '{user}' مجهول",
+    "values_mismatch": "القيمتين غير متطابقتين",
+    "warning": "تحذير :",
+    "websocket_request_expected": "كان ينتظر طلبًا عبر الويب سوكت WebSocket",
+    "cannot_open_file": "ليس بالإمكان فتح الملف {file} (السبب : {error})",
+    "cannot_write_file": "لا يمكن الكتابة في الملف {file} (السبب : {error})",
+    "unknown_error_reading_file": "طرأ هناك خطأ ما أثناء عملية قراءة الملف {file} (السبب: {error})",
+    "corrupted_json": "قراءة ملف JSON مُشوّهة مِن {ressource} (السبب : {error})",
+    "error_writing_file": "طرأ هناك خطأ أثناء الكتابة في الملف {file}: {error}",
+    "error_removing": "خطأ أثناء عملية حذف {path}: {error}",
+    "error_changing_file_permissions": "خطأ أثناء عملية تعديل التصريحات لـ {path}: {error}",
+    "invalid_url": "فشل الاتصال بـ {url}… ربما تكون الخدمة معطلة ، أو أنك غير متصل بشكل صحيح بالإنترنت في IPv4 / IPv6.",
+    "download_ssl_error": "خطأ في الاتصال الآمن عبر الـ SSL أثناء محاولة الربط بـ {url}",
+    "download_timeout": "{url} استغرق مدة طويلة جدا للإستجابة، فتوقّف.",
+    "download_unknown_error": "خطأ أثناء عملية تنزيل البيانات مِن {url} : {error}",
+    "download_bad_status_code": "{url} أعاد رمز الحالة {code}",
+    "corrupted_yaml": "قراءة مُشوّهة لملف YAML مِن {ressource} (السبب : {error})",
+    "info": "معلومة:",
+    "warn_the_user_about_waiting_lock_again": "جارٍ الانتظار…",
+    "warn_the_user_that_lock_is_acquired": "لقد انتهى تنفيذ ذاك الأمر للتوّ ، جارٍ تنفيذ هذا الأمر",
+    "warn_the_user_about_waiting_lock": "هناك أمر لـ YunoHost قيد التشغيل حاليا. في انتظار انتهاء تنفيذه قبل تشغيل التالي",
+    "edit_text_question": "{}. تعديل هذا النص؟ [yN]: ",
+    "corrupted_toml": "قراءة مُشوّهة لملف TOML مِن {ressource} (السبب : {error})"
+}

locales/bn_BD.json

@@ -0,0 +1,4 @@
+{
+    "logged_out": "প্রস্থান",
+    "password": "পাসওয়ার্ড"
+}

locales/br.json

@@ -0,0 +1 @@
+{}

locales/ca.json

@@ -0,0 +1,47 @@
+{
+    "argument_required": "Es requereix l'argument «{argument}»",
+    "authentication_required": "Es requereix autenticació",
+    "confirm": "Confirmar {prompt}",
+    "deprecated_command": "{prog}{command}és obsolet i es desinstal·larà en el futur",
+    "deprecated_command_alias": "{prog}{old}és obsolet i es desinstal·larà en el futur, utilitzeu {prog}{new}en el seu lloc",
+    "error": "Error:",
+    "file_not_exist": "El fitxer no existeix: '{path}'",
+    "folder_exists": "La carpeta ja existeix: '{path}'",
+    "instance_already_running": "Ja hi ha una operació de YunoHost en curs. Espereu a que s'acabi abans d'executar-ne una altra.",
+    "invalid_argument": "Argument invàlid '{argument}': {error}",
+    "invalid_usage": "Utilització invàlida, utilitzeu --help per veure l'ajuda",
+    "logged_in": "Sessió iniciada",
+    "logged_out": "Sessió tancada",
+    "not_logged_in": "No ha iniciat sessió",
+    "operation_interrupted": "Operació interrompuda",
+    "password": "Contrasenya",
+    "pattern_not_match": "No coincideix amb el patró",
+    "root_required": "Ha de ser root per realitzar aquesta acció",
+    "server_already_running": "Ja s'està executant un servidor en aquest port",
+    "success": "Èxit!",
+    "unable_authenticate": "No s'ha pogut autenticar",
+    "unknown_group": "Grup '{group}' desconegut",
+    "unknown_user": "Usuari '{user}' desconegut",
+    "values_mismatch": "Els valors no coincideixen",
+    "warning": "Atenció:",
+    "websocket_request_expected": "S'esperava una petició WebSocket",
+    "cannot_open_file": "No s'ha pogut obrir el fitxer {file} (motiu: {error})",
+    "cannot_write_file": "No s'ha pogut escriure el fitxer {file} (motiu: {error})",
+    "unknown_error_reading_file": "Error desconegut al intentar llegir el fitxer {file} (motiu: {error})",
+    "corrupted_json": "JSON corrupte llegit des de {ressource} (motiu: {error})",
+    "corrupted_yaml": "YAML corrupte llegit des de {ressource} (motiu: {error})",
+    "error_writing_file": "Error al escriure el fitxer {file}: {error}",
+    "error_removing": "Error al eliminar {path}: {error}",
+    "error_changing_file_permissions": "Error al canviar els permisos per {path}: {error}",
+    "invalid_url": "No s'ha pogut connectar a {url}… pot ser que el servei estigui caigut, o que no hi hagi connexió a Internet amb IPv4/IPv6.",
+    "download_ssl_error": "Error SSL al connectar amb {url}",
+    "download_timeout": "{url} ha tardat massa en respondre, s'ha deixat d'esperar.",
+    "download_unknown_error": "Error al baixar dades des de {url}: {error}",
+    "download_bad_status_code": "{url} ha retornat el codi d'estat {code}",
+    "info": "Info:",
+    "corrupted_toml": "El fitxer TOML ha estat corromput en la lectura des de {ressource} (motiu: {error})",
+    "warn_the_user_about_waiting_lock": "Hi ha una altra ordre de YunoHost en execució, s'executarà aquesta ordre un cop l'anterior hagi acabat",
+    "warn_the_user_about_waiting_lock_again": "Encara en espera…",
+    "warn_the_user_that_lock_is_acquired": "L'altra ordre tot just ha acabat, ara s'executarà aquesta ordre",
+    "edit_text_question": "{}. Edita aquest text ? [yN]: "
+}

locales/ckb.json

@@ -0,0 +1 @@
+{}

locales/cmn.json

@@ -0,0 +1,47 @@
+{
+    "argument_required": "参数“{argument}”是必须的",
+    "authentication_required": "需要验证",
+    "confirm": "确认 {prompt}",
+    "deprecated_command": "{prog}{command}已经放弃使用，将来会删除",
+    "deprecated_command_alias": "{prog}{old}已经放弃使用，将来会删除，请使用{prog}{new}代替",
+    "error": "错误:",
+    "file_not_exist": "文件不存在: '{path}'",
+    "folder_exists": "目录已存在: '{path}'",
+    "info": "信息：",
+    "instance_already_running": "已经有一个YunoHost操作正在运行。 请等待它完成再运行另一个。",
+    "invalid_argument": "参数错误{argument}：{error}",
+    "invalid_usage": "用法错误，输入 --help 查看帮助信息",
+    "logged_in": "登录",
+    "logged_out": "登出",
+    "not_logged_in": "您未登录",
+    "operation_interrupted": "操作中断",
+    "password": "密码",
+    "pattern_not_match": "模式匹配失败",
+    "root_required": "必须以root身份进行此操作",
+    "server_already_running": "服务已运行在指定端口",
+    "success": "成功！",
+    "unable_authenticate": "认证失败",
+    "unknown_group": "未知组{group}",
+    "unknown_user": "未知用户{user}",
+    "values_mismatch": "值不匹配",
+    "warning": "警告：",
+    "websocket_request_expected": "期望一个WebSocket请求",
+    "cannot_open_file": "不能打开文件{file}（原因：{error}）",
+    "cannot_write_file": "写入文件{file}失败（原因：{error}）",
+    "unknown_error_reading_file": "尝试读取文件{file}时发生未知错误（原因：{error}）",
+    "corrupted_json": "从{ressource}读取的JSON损坏（原因：{error}）",
+    "corrupted_yaml": "从{ressource}读取的YMAL损坏（原因：{error}）",
+    "error_writing_file": "写入文件{file}失败：{error}",
+    "error_removing": "删除路径{path}失败：{error}",
+    "error_changing_file_permissions": "目录{path}权限修改失败：{error}",
+    "invalid_url": "{url} 连接失败… 可能是服务中断了，或者你没有正确连接到IPv4/IPv6的互联网。",
+    "download_ssl_error": "连接{url}时发生SSL错误",
+    "download_timeout": "{url}响应超时，放弃。",
+    "download_unknown_error": "下载{url}失败：{error}",
+    "download_bad_status_code": "{url}返回状态码：{code}",
+    "warn_the_user_that_lock_is_acquired": "另一个命令刚刚完成，现在启动此命令",
+    "warn_the_user_about_waiting_lock_again": "仍在等待…",
+    "warn_the_user_about_waiting_lock": "目前正在运行另一个YunoHost命令，我们在运行此命令之前等待它完成",
+    "corrupted_toml": "从{ressource}读取的TOML已损坏（原因：{error}）",
+    "edit_text_question": "{}.编辑此文本？[yN]: "
+}

locales/cs.json

@@ -0,0 +1,47 @@
+{
+    "password": "Heslo",
+    "logged_out": "Jste odhlášen/a",
+    "warn_the_user_that_lock_is_acquired": "Předchozí operace dokončena, nyní spouštíme tuto",
+    "warn_the_user_about_waiting_lock_again": "Stále čekáme…",
+    "warn_the_user_about_waiting_lock": "Jiná YunoHost operace právě probíhá, před spuštěním této čekáme na její dokončení",
+    "download_bad_status_code": "{url} vrátil stavový kód {code}",
+    "download_unknown_error": "Chyba při stahování dat z {url}: {error}",
+    "download_timeout": "{url} příliš dlouho neodpovídá, akce přerušena.",
+    "download_ssl_error": "SSL chyba při spojení s {url}",
+    "invalid_url": "Špatný odkaz {url} (je vůbec dostupný?).",
+    "error_changing_file_permissions": "Chyba při nastavování oprávnění pro {path}: {error}",
+    "error_removing": "Chyba při přesunu {path}: {error}",
+    "error_writing_file": "Chyba při zápisu souboru/ů {file}: {error}",
+    "corrupted_toml": "Nepodařilo se načíst TOML z {ressource} (reason: {error})",
+    "corrupted_yaml": "Nepodařilo se načíst YAML z {ressource} (reason: {error})",
+    "corrupted_json": "Nepodařilo se načíst JSON {ressource} (reason: {error})",
+    "unknown_error_reading_file": "Vyskytla se neznámá chyba při čtení souboru/ů {file} (reason: {error})",
+    "cannot_write_file": "Nelze zapsat soubor/y {file} (reason: {error})",
+    "cannot_open_file": "Nelze otevřít soubor/y {file} (reason: {error})",
+    "websocket_request_expected": "Očekáván WebSocket požadavek",
+    "warning": "Varování:",
+    "values_mismatch": "Hodnoty nesouhlasí",
+    "unknown_user": "Neznámý '{user}' uživatel",
+    "unknown_group": "Neznámá '{group}' skupina",
+    "unable_authenticate": "Není možné ověřit",
+    "success": "Zadařilo se!",
+    "server_already_running": "Na tomto portu je server již provozován",
+    "root_required": "Pro provedení této akce musíte být root",
+    "pattern_not_match": "Neodpovídá výrazu",
+    "operation_interrupted": "Operace přerušena",
+    "not_logged_in": "Nejste přihlášen",
+    "logged_in": "Přihlášení",
+    "invalid_usage": "Nesprávné použití, pass --help pro zobrazení nápovědy",
+    "invalid_argument": "Nesprávný argument '{argument}': {error}",
+    "instance_already_running": "Právě probíhá jiná YunoHost operace. Před spuštěním další operace vyčkejte na její dokončení.",
+    "info": "Info:",
+    "folder_exists": "Adresář již existuje: '{path}'",
+    "file_not_exist": "Soubor neexistuje: '{path}'",
+    "error": "Chyba:",
+    "deprecated_command_alias": "'{prog} {old}' je zastaralý a bude odebrán v budoucích verzích, použijte '{prog} {new}'",
+    "deprecated_command": "'{prog} {command}' je zastaralý a bude odebrán v budoucích verzích",
+    "confirm": "Potvrdit {prompt}",
+    "authentication_required": "Vyžadováno ověření",
+    "argument_required": "Je vyžadován argument '{argument}'",
+    "edit_text_question": "{}. Upravit tento text? [yN]: "
+}

locales/da.json

@@ -0,0 +1 @@
+{}

locales/de.json

@@ -0,0 +1,47 @@
+{
+    "argument_required": "Der Parameter {argument} ist erforderlich",
+    "authentication_required": "Anmeldung erforderlich",
+    "confirm": "Bestätigen Sie {prompt}",
+    "error": "Fehler:",
+    "file_not_exist": "Datei ist nicht vorhanden: '{path}'",
+    "folder_exists": "Ordner existiert bereits: '{path}'",
+    "instance_already_running": "Es läuft bereits eine YunoHost-Operation. Bitte warte, bis sie fertig ist, bevor du eine weitere startest.",
+    "invalid_argument": "Argument ungültig '{argument}': {error}",
+    "invalid_usage": "Falscher Aufruf, verwende --help für den Hilfstext",
+    "logged_in": "Angemeldet",
+    "logged_out": "Abgemeldet",
+    "not_logged_in": "Du bist nicht angemeldet",
+    "operation_interrupted": "Vorgang unterbrochen",
+    "password": "Passwort",
+    "pattern_not_match": "Entspricht nicht dem Muster",
+    "root_required": "Nur der Nutzer root kann diesen Vorgang ausführen",
+    "server_already_running": "Einen anderer Dienst arbeitet bereits auf diesem Port",
+    "success": "Erfolg!",
+    "unable_authenticate": "Anmelden fehlgeschlagen",
+    "values_mismatch": "Die Werte passen nicht zusammen",
+    "warning": "Warnung:",
+    "websocket_request_expected": "Eine WebSocket-Anfrage wurde erwartet",
+    "deprecated_command": "'{prog} {command}' ist veraltet und wird bald entfernt werden",
+    "deprecated_command_alias": "'{prog} {old}' ist veraltet und wird bald entfernt werden, benutze '{prog} {new}' stattdessen",
+    "unknown_group": "Gruppe '{group}' ist unbekannt",
+    "unknown_user": "Konto '{user}' ist unbekannt",
+    "info": "Info:",
+    "corrupted_json": "Beschädigtes JSON gelesen von {ressource} (reason: {error})",
+    "unknown_error_reading_file": "Unbekannter Fehler beim Lesen der Datei {file} (reason: {error})",
+    "cannot_write_file": "Kann Datei {file} nicht schreiben (reason: {error})",
+    "cannot_open_file": "Datei {file} konnte nicht geöffnet werden (Ursache: {error})",
+    "corrupted_yaml": "Beschädigtes YAML gelesen von {ressource} (reason: {error})",
+    "warn_the_user_that_lock_is_acquired": "Der andere Befehl wurde gerade abgeschlossen, starte jetzt diesen Befehl",
+    "warn_the_user_about_waiting_lock_again": "Immer noch wartend…",
+    "warn_the_user_about_waiting_lock": "Ein anderer YunoHost Befehl läuft gerade, wir warten bis er fertig ist, bevor dieser laufen kann",
+    "download_bad_status_code": "{url} lieferte folgende(n) Status Code(s) {code}",
+    "download_unknown_error": "Fehler beim Herunterladen von Daten von {url}: {error}",
+    "download_timeout": "{url} brauchte zu lange zum Antworten, hab aufgegeben.",
+    "download_ssl_error": "SSL Fehler beim Verbinden zu {url}",
+    "invalid_url": "Konnte keine Verbindung zu {url} herstellen… vielleicht ist der Dienst ausgefallen, oder Sie sind nicht richtig mit dem Internet in IPv4/IPv6 verbunden.",
+    "error_changing_file_permissions": "Fehler beim Ändern der Berechtigungen für {path}: {error}",
+    "error_removing": "Fehler beim Entfernen {path}: {error}",
+    "error_writing_file": "Fehler beim Schreiben von Datei {file}: {error}",
+    "corrupted_toml": "Beschädigtes TOML gelesen von {ressource} (reason: {error})",
+    "edit_text_question": "{}. Diesen Text bearbeiten? [yN]: "
+}

locales/el.json

@@ -0,0 +1,4 @@
+{
+    "logged_out": "Αποσυνδέθηκα",
+    "password": "Κωδικός πρόσβασης"
+}

locales/en.json

@@ -1,33 +1,47 @@
 {
-    "colon" : "{}: ",
-
-    "success" : "Success!",
-    "warning" : "Warning:",
-    "error" : "Error:",
-    "permission_denied" : "Permission denied",
-    "root_required" : "You must be root to perform this action",
-    "instance_already_running" : "An instance is already running",
-
-    "unable_authenticate" : "Unable to authenticate",
-    "unable_retrieve_session" : "Unable to retrieve the session",
-    "ldap_server_down" : "Unable to reach LDAP server",
-    "ldap_operation_error" : "An error occured during LDAP operation",
-    "ldap_attribute_already_exists" : "Attribute already exists: '{:s}={:s}'",
-
-    "argument_required" : "Argument {:s} is required",
-    "invalid_argument": "Invalid argument '{:s}': {:s}",
-    "password" : "Password",
-    "invalid_password" : "Invalid password",
-    "confirm" : "Confirm {:s}",
-    "values_mismatch" : "Values don't match",
-    "authentication_required_long" : "Authentication is required to perform this action",
-    "authentication_required" : "Authentication required",
-    "authentication_profile_required" : "Authentication to profile '{:s}' required",
-    "operation_interrupted" : "Operation interrupted",
-
-    "logged_in" : "Logged in",
-    "logged_out" : "Logged out",
-    "not_logged_in" : "You are not logged in",
-    "server_already_running" : "A server is already running on that port",
-    "websocket_request_expected" : "Expected a WebSocket request"
+    "argument_required": "Argument '{argument}' is required",
+    "authentication_required": "Authentication required",
+    "confirm": "Confirm {prompt}",
+    "deprecated_command": "'{prog} {command}' is deprecated and will be removed in the future",
+    "deprecated_command_alias": "'{prog} {old}' is deprecated and will be removed in the future, use '{prog} {new}' instead",
+    "edit_text_question": "{}. Edit this text ? [yN]: ",
+    "error": "Error:",
+    "file_not_exist": "File does not exist: '{path}'",
+    "folder_exists": "Folder already exists: '{path}'",
+    "info": "Info:",
+    "instance_already_running": "There is already a YunoHost operation running. Please wait for it to finish before running another one.",
+    "invalid_argument": "Invalid argument '{argument}': {error}",
+    "invalid_usage": "Invalid usage, pass --help to see help",
+    "logged_in": "Logged in",
+    "logged_out": "Logged out",
+    "not_logged_in": "You are not logged in",
+    "operation_interrupted": "Operation interrupted",
+    "password": "Password",
+    "pattern_not_match": "Does not match pattern",
+    "root_required": "You must be root to perform this action",
+    "server_already_running": "A server is already running on that port",
+    "success": "Success!",
+    "unable_authenticate": "Unable to authenticate",
+    "unknown_group": "Unknown '{group}' group",
+    "unknown_user": "Unknown '{user}' user",
+    "values_mismatch": "Values don't match",
+    "warning": "Warning:",
+    "websocket_request_expected": "Expected a WebSocket request",
+    "cannot_open_file": "Could not open file {file} (reason: {error})",
+    "cannot_write_file": "Could not write file {file} (reason: {error})",
+    "unknown_error_reading_file": "Unknown error while trying to read file {file} (reason: {error})",
+    "corrupted_json": "Corrupted JSON read from {ressource} (reason: {error})",
+    "corrupted_yaml": "Corrupted YAML read from {ressource} (reason: {error})",
+    "corrupted_toml": "Corrupted TOML read from {ressource} (reason: {error})",
+    "error_writing_file": "Error when writing file {file}: {error}",
+    "error_removing": "Error when removing {path}: {error}",
+    "error_changing_file_permissions": "Error when changing permissions for {path}: {error}",
+    "invalid_url": "Failed to connect to {url}... maybe the service is down, or you are not properly connected to the Internet in IPv4/IPv6.",
+    "download_ssl_error": "SSL error when connecting to {url}",
+    "download_timeout": "{url} took too long to answer, gave up.",
+    "download_unknown_error": "Error when downloading data from {url}: {error}",
+    "download_bad_status_code": "{url} returned status code {code}",
+    "warn_the_user_about_waiting_lock": "Another YunoHost command is running right now, we are waiting for it to finish before running this one",
+    "warn_the_user_about_waiting_lock_again": "Still waiting...",
+    "warn_the_user_that_lock_is_acquired": "The other command just completed, now starting this command"
 }

locales/eo.json

@@ -0,0 +1,46 @@
+{
+    "password": "Pasvorto",
+    "warn_the_user_that_lock_is_acquired": "La alia komando ĵus kompletigis, nun komencante ĉi tiun komandon",
+    "warn_the_user_about_waiting_lock_again": "Ankoraŭ atendanta…",
+    "warn_the_user_about_waiting_lock": "Alia komando de YunoHost funkcias ĝuste nun, ni atendas, ke ĝi finiĝos antaŭ ol funkcii ĉi tiu",
+    "download_bad_status_code": "{url} redonita statuskodo {code}",
+    "download_unknown_error": "Eraro dum elŝutado de datumoj de {url}: {error}",
+    "download_timeout": "{url} prenis tro da tempo por respondi, rezignis.",
+    "download_ssl_error": "SSL-eraro dum konekto al {url}",
+    "invalid_url": "Nevalida URL{url} (ĉu ĉi tiu retejo ekzistas?)",
+    "error_changing_file_permissions": "Eraro dum ŝanĝo de permesoj por {path}: {error}",
+    "error_removing": "Eraro dum la forigo de {path}: {error}",
+    "error_writing_file": "Eraro skribinte dosieron {file}: {error}",
+    "corrupted_toml": "Korupta TOML legita el {ressource} (kialo: {error})",
+    "corrupted_yaml": "Korupta YAML legita de {ressource} (kialo: {error})",
+    "corrupted_json": "Koruptita JSON legis de {ressource} (Kialo: {error})",
+    "unknown_error_reading_file": "Nekonata eraro dum provi legi dosieron {file} (kialo: {error})",
+    "cannot_write_file": "Ne povis skribi dosieron {file} (kialo: {error})",
+    "cannot_open_file": "Ne povis malfermi dosieron {file} (kialo: {error})",
+    "websocket_request_expected": "Atendis ret-peto",
+    "warning": "Averto:",
+    "values_mismatch": "Valoroj ne kongruas",
+    "unknown_user": "Nekonata uzanto '{user}'",
+    "unknown_group": "Nekonata grupo \"{group}\"",
+    "unable_authenticate": "Ne eblas aŭtentiĝi",
+    "success": "Sukceson!",
+    "server_already_running": "Servilo jam funkcias sur tiu haveno",
+    "root_required": "Vi devas esti 'root' por plenumi ĉi tiun agon",
+    "pattern_not_match": "Ne kongruas kun ŝablono",
+    "operation_interrupted": "Operacio interrompita",
+    "not_logged_in": "Vi ne estas ensalutinta",
+    "logged_in": "Ensalutinta",
+    "invalid_usage": "Nevalida uzado, preterpase '--help' por vidi helpon",
+    "invalid_argument": "Nevalida argumento '{argument}': {error}",
+    "instance_already_running": "Jam funkcias YunoHost-operacio. Bonvolu atendi, ke ĝi finiĝos antaŭ ol funkcii alia.",
+    "info": "informoj:",
+    "folder_exists": "Dosierujo jam ekzistas: '{path}'",
+    "file_not_exist": "Dosiero ne ekzistas: '{path}'",
+    "error": "Eraro:",
+    "deprecated_command_alias": "'{prog} {old}' malakceptas kaj estos forigita estonte, uzu anstataŭe '{prog} {new}'",
+    "deprecated_command": "'{prog} {command}' malakceptas kaj estos forigita estonte",
+    "confirm": "Konfirmu {prompt}",
+    "authentication_required": "Aŭtentigo bezonata",
+    "argument_required": "Argumento '{argument}' estas bezonata",
+    "logged_out": "Ensalutinta"
+}

locales/es.json

@@ -0,0 +1,47 @@
+{
+    "argument_required": "Se requiere el argumento «{argument}»",
+    "authentication_required": "Se requiere autentificación",
+    "confirm": "Confirmar {prompt}",
+    "deprecated_command": "«{prog} {command}» está obsoleto y será eliminado en el futuro",
+    "deprecated_command_alias": "«{prog} {old}» está obsoleto y se eliminará en el futuro, use «{prog} {new}» en su lugar",
+    "error": "Error:",
+    "file_not_exist": "El archivo no existe: «{path}»",
+    "folder_exists": "El directorio ya existe: «{path}»",
+    "instance_already_running": "Ya se está ejecutando una instancia de YunoHost. Espere a que termine antes de ejecutar otra.",
+    "invalid_argument": "Argumento no válido «{argument}»: {error}",
+    "invalid_usage": "Uso no válido, utilice --help para ver la ayuda",
+    "logged_in": "Sesión iniciada",
+    "logged_out": "Sesión cerrada",
+    "not_logged_in": "No ha iniciado sesión",
+    "operation_interrupted": "Operación interrumpida",
+    "password": "Contraseña",
+    "pattern_not_match": "No coincide con el patrón",
+    "root_required": "Solo root puede realizar esta acción",
+    "server_already_running": "Ya se está ejecutando un servidor en ese puerto",
+    "success": "¡Éxito!",
+    "unable_authenticate": "No se puede autentificar",
+    "unknown_group": "Grupo «{group}» desconocido",
+    "unknown_user": "Usuario «{user}» desconocido",
+    "values_mismatch": "Los valores no coinciden",
+    "warning": "Advertencia:",
+    "websocket_request_expected": "Se esperaba una petición WebSocket",
+    "cannot_open_file": "No se pudo abrir el archivo {file} (motivo: {error})",
+    "cannot_write_file": "No se pudo escribir el archivo {file} (motivo: {error})",
+    "unknown_error_reading_file": "Error desconocido al intentar leer el archivo {file} (motivo: {error})",
+    "corrupted_json": "Lectura corrupta de JSON desde {ressource} (motivo: {error})",
+    "error_writing_file": "Error al escribir el archivo {file}: {error}",
+    "error_removing": "Error al eliminar {path}: {error}",
+    "error_changing_file_permissions": "Error al cambiar los permisos para {path}: {error}",
+    "invalid_url": "Imposible de conectarse a {url} (¿ la URL esta correcta, existe este sitio, o internet esta accesible?).",
+    "download_ssl_error": "Error SSL al conectar con {url}",
+    "download_timeout": "{url} tardó demasiado en responder, abandono.",
+    "download_unknown_error": "Error al descargar datos desde {url} : {error}",
+    "download_bad_status_code": "{url} devolvió el código de estado {code}",
+    "corrupted_yaml": "Lectura corrupta de YAML desde {ressource} (motivo: {error})",
+    "info": "Información:",
+    "corrupted_toml": "Lectura corrupta de TOML desde {ressource} (motivo: {error})",
+    "warn_the_user_that_lock_is_acquired": "La otra orden recién terminó, iniciando esta orden ahora",
+    "warn_the_user_about_waiting_lock_again": "Aún esperando…",
+    "warn_the_user_about_waiting_lock": "Otra orden de YunoHost se está ejecutando ahora, estamos esperando a que termine antes de ejecutar esta",
+    "edit_text_question": "{}. Editar este texto ? [sN]: "
+}

locales/eu.json

@@ -0,0 +1,47 @@
+{
+    "argument_required": "'{argument}' argumentua ezinbestekoa da",
+    "logged_out": "Saioa amaituta",
+    "password": "Pasahitza",
+    "authentication_required": "Autentifikazioa behar da",
+    "confirm": "{prompt} baieztatu",
+    "edit_text_question": "{}. Testua editatu nahi al duzu? [yN]: ",
+    "deprecated_command": "'{prog} {command}' zaharkitua dago eta etorkizunean kenduko da",
+    "deprecated_command_alias": "'{prog} {old} zaharkitua dago eta etorkizunean kenduko da, erabili '{prog} {new}' haren ordez",
+    "error": "Errorea:",
+    "file_not_exist": "Fitxategia ez da existitzen: '{path}'",
+    "error_changing_file_permissions": "Errorea {path}-i eragiten dioten baimenak aldatzean: {error}",
+    "invalid_argument": "'{argument}' argumentua ez da egokia: {error}",
+    "success": "Arrakasta!",
+    "info": "Informazioa:",
+    "logged_in": "Saioa hasita",
+    "not_logged_in": "Ez duzu saiorik hasi",
+    "operation_interrupted": "Eragiketa geldiarazi da",
+    "unknown_group": "'{group}' taldea ezezaguna da",
+    "unknown_user": "'{user}' erabiltzailea ezezaguna da",
+    "cannot_write_file": "Ezinezkoa izan da {file} fitxategia idaztea (zergatia: {error})",
+    "download_ssl_error": "SSL errorea {url}-(e)ra konektatzean",
+    "corrupted_toml": "{ressource}-eko/go TOMLa kaltetuta dago (zergatia: {error})",
+    "warn_the_user_about_waiting_lock": "YunoHosten beste komando bat ari da exekutatzen, horrek amaitu arte gaude zain",
+    "warn_the_user_about_waiting_lock_again": "Zain...",
+    "folder_exists": "Direktorioa existitzen da dagoeneko: '{path}'",
+    "instance_already_running": "YunoHosten eragiketa bat exekutatzen ari da dagoeneko. Itxaron amaitu arte beste eragiketa bat abiarazi baino lehen.",
+    "invalid_usage": "Erabilera okerra, idatzi --help aukerak ikusteko",
+    "pattern_not_match": "Ez dator ereduarekin bat",
+    "root_required": "Ezinbestekoa da 'root' izatea eragiketa hau exekutatzeko",
+    "server_already_running": "Zerbitzari bat martxan dago dagoeneko ataka horretan",
+    "unable_authenticate": "Ezin da autentifikatu",
+    "values_mismatch": "Balioak ez datoz bat",
+    "warning": "Adi:",
+    "cannot_open_file": "Ezinezkoa izan da {file} fitxategia irekitzea (zergatia: {error})",
+    "corrupted_json": "{ressource}-eko/go JSONa kaltetuta dago (zergatia: {error})",
+    "corrupted_yaml": "{ressource}-eko/go YAMLa kaltetuta dago (zergatia: {error})",
+    "websocket_request_expected": "WebSocket eskaera bat espero zen",
+    "unknown_error_reading_file": "Errore ezezaguna {file} fitxategia irakurtzen saiatzerakoan (zergatia: {error})",
+    "download_unknown_error": "Errorea {url}(e)tik deskargatzerakoan: {error}",
+    "warn_the_user_that_lock_is_acquired": "Aurreko komandoa amaitu berri, orain komando hau abiarazten",
+    "error_writing_file": "Errorea {file} fitxategia idazterakoan: {error}",
+    "error_removing": "Errorea {path} ezabatzerakoan: {error}",
+    "download_bad_status_code": "{url} helbideak {code} egoera kodea agertu du",
+    "invalid_url": "{url}-(e)ra konektatzeak huts egin du... agian zerbitzua ez dago martxan, edo ez zaude IPv4/IPv6 bidez ondo konektatuta internetera.",
+    "download_timeout": "{url}(e)k denbora gehiegi behar izan du erantzuteko, bertan behera utzi du zerbitzariak."
+}

locales/fa.json

@@ -0,0 +1,46 @@
+{
+    "logged_in": "وارد شده",
+    "invalid_usage": "استفاده نامعتبر ، برای مشاهده راهنما --help را ارسال کنید",
+    "invalid_argument": "استدلال نامعتبر '{argument}': {error}",
+    "instance_already_running": "در حال حاضر یک عملیات YunoHost در حال اجرا است. لطفاً قبل از اجرای یکی دیگر ، منتظر بمانید تا آن به پایان برسد.",
+    "info": "اطلاعات:",
+    "folder_exists": "پوشه موجود است: '{path}'",
+    "file_not_exist": "فایل وجود ندارد: '{path}'",
+    "error": "ایراد:",
+    "deprecated_command_alias": "'{prog} {old}' منسوخ شده است و در آینده حذف خواهد شد ، بجای آن از '{prog} {new}' استفاده کنید",
+    "deprecated_command": "'{prog} {command}' منسوخ شده است و در آینده حذف خواهد شد",
+    "confirm": "تایید کردن {prompt}",
+    "authentication_required": "احراز هویّت الزامی است",
+    "argument_required": "استدلال '{argument}' ضروری است",
+    "password": "کلمه عبور",
+    "warn_the_user_that_lock_is_acquired": "فرمان دیگر به تازگی تکمیل شده است ، اکنون این دستور را شروع کنید",
+    "warn_the_user_about_waiting_lock_again": "هنوز در انتظار…",
+    "warn_the_user_about_waiting_lock": "یکی دیگر از دستورات YunoHost در حال اجرا است ، ما منتظر هستیم تا قبل از اجرای این دستور به پایان برسد",
+    "download_bad_status_code": "{url} کد وضعیّت بازگشتی {code}",
+    "download_unknown_error": "خطا هنگام بارگیری داده ها از {url}: {error}",
+    "download_timeout": "پاسخ {url} خیلی طول کشید ، منصرف شو.",
+    "download_ssl_error": "خطای SSL هنگام اتصال به {url}",
+    "invalid_url": "اتصال به {url} انجام نشد … شاید سرویس خاموش باشد یا در IPv4/IPv6 به درستی به اینترنت متصل نشده باشید.",
+    "error_changing_file_permissions": "خطا هنگام تغییر مجوزهای {path}: {error}",
+    "error_removing": "خطا هنگام حذف {path}: {error}",
+    "error_writing_file": "خطا هنگام نوشتن فایل {file}: {error}",
+    "corrupted_toml": "TOML خراب از {ressource} (دلیل: {error})",
+    "corrupted_yaml": "YAML خراب از {ressource} (دلیل: {error})",
+    "corrupted_json": "جی سان خراب شده از {ressource} میخواند (دلیل: {error})",
+    "unknown_error_reading_file": "خطای ناشناخته هنگام تلاش برای خواندن فایل {file} (دلیل: {error})",
+    "cannot_write_file": "نمی توان فایل {file} را نوشت (دلیل: {error})",
+    "cannot_open_file": "فایل {file} باز نشد (دلیل: {error})",
+    "websocket_request_expected": "در انتظار درخواست وب سوکت",
+    "warning": "هشدار:",
+    "values_mismatch": "مقدار ها مطابقت ندارند",
+    "unknown_user": "کاربر'{user}' ناشناخته",
+    "unknown_group": "گروه '{group}' ناشناخته",
+    "unable_authenticate": "احراز هویّت امکان پذیر نیست",
+    "success": "موفقیّت!",
+    "server_already_running": "در حال حاضر یک سرور روی آن پورت کار می کند",
+    "root_required": "برای انجام این عمل باید کاربر ریشه باشید",
+    "pattern_not_match": "با الگو مطابقت ندارد",
+    "operation_interrupted": "عملیات قطع شده است",
+    "not_logged_in": "‌شما وارد نشده اید",
+    "logged_out": "خارج شده"
+}

locales/fi.json

@@ -0,0 +1,4 @@
+{
+    "password": "Salasana",
+    "logged_out": "Kirjauduttu ulos"
+}

locales/fr.json

@@ -1,33 +1,47 @@
 {
-    "colon" : "{} : ",
-
-    "success" : "Succès !",
-    "warning" : "Attention :",
-    "error" : "Erreur :",
-    "permission_denied" : "Permission refusée",
-    "root_required" : "Vous devez avoir les droits super-utilisateur pour exécuter cette action",
-    "instance_already_running" : "Une instance est déjà en cours d'exécution",
-
-    "unable_authenticate" : "Impossible de vous authentifier",
-    "unable_retrieve_session" : "Impossible de récupérer la session",
-    "ldap_server_down" : "Impossible d'atteindre le serveur LDAP",
-    "ldap_operation_error" : "Une erreur est survenue lors de l'opération LDAP",
-    "ldap_attribute_already_exists" : "L'attribut existe déjà : '{:s}={:s}'",
-
-    "argument_required" : "L'argument {:s} est requis",
-    "invalid_argument": "Argument '{:s}' incorrect : {:s}",
-    "password" : "Mot de passe",
-    "invalid_password" : "Mot de passe incorrect",
-    "confirm" : "Confirmez le {:s}",
-    "values_mismatch" : "Les valeurs ne correspondent pas",
-    "authentication_required_long" : "L'authentification est requise pour exécuter cette action",
-    "authentication_required" : "Authentification requise",
-    "authentication_profile_required" : "Authentification au profile '{:s}' requise",
-    "operation_interrupted" : "Opération interrompue",
-
-    "logged_in" : "Connecté",
-    "logged_out" : "Déconnecté",
-    "not_logged_in" : "Vous n'êtes pas connecté",
-    "server_already_running" : "Un server est déjà en cours d'exécution sur ce port",
-    "websocket_request_excepted" : "Requête WebSocket attendue"
+    "argument_required": "L'argument '{argument}' est requis",
+    "authentication_required": "Authentification requise",
+    "confirm": "Confirmez {prompt}",
+    "deprecated_command": "'{prog} {command}' est déprécié et sera bientôt supprimé",
+    "deprecated_command_alias": "'{prog} {old}' est déprécié et sera bientôt supprimé, utilisez '{prog} {new}' à la place",
+    "error": "Erreur :",
+    "file_not_exist": "Le fichier '{path}' n'existe pas",
+    "folder_exists": "Le dossier existe déjà : '{path}'",
+    "instance_already_running": "Une instance est déjà en cours d'exécution, merci d'attendre sa fin avant d'en lancer une autre.",
+    "invalid_argument": "Argument '{argument}' incorrect : {error}",
+    "invalid_usage": "Utilisation erronée, utilisez --help pour accéder à l'aide",
+    "logged_in": "Connecté",
+    "logged_out": "Déconnecté",
+    "not_logged_in": "Vous n'êtes pas connecté",
+    "operation_interrupted": "Opération interrompue",
+    "password": "Mot de passe",
+    "pattern_not_match": "Ne correspond pas au motif",
+    "root_required": "Vous devez avoir les droits d'administration pour exécuter cette action",
+    "server_already_running": "Un serveur est déjà en cours d'exécution sur ce port",
+    "success": "Succès !",
+    "unable_authenticate": "Impossible de vous authentifier",
+    "unknown_group": "Le groupe '{group}' est inconnu",
+    "unknown_user": "Le compte '{user}' est inconnu",
+    "values_mismatch": "Les valeurs ne correspondent pas",
+    "warning": "Attention :",
+    "websocket_request_expected": "Une requête WebSocket est attendue",
+    "cannot_open_file": "Impossible d'ouvrir le fichier {file} (raison : {error})",
+    "cannot_write_file": "Ne peut pas écrire le fichier {file} (raison : {error})",
+    "unknown_error_reading_file": "Erreur inconnue en essayant de lire le fichier {file} (raison :{error})",
+    "corrupted_json": "Fichier JSON corrompu en lecture depuis {ressource} (raison : {error})",
+    "error_writing_file": "Erreur en écrivant le fichier {file} : {error}",
+    "error_removing": "Erreur lors de la suppression {path} : {error}",
+    "error_changing_file_permissions": "Erreur lors de la modification des autorisations pour {path} : {error}",
+    "invalid_url": "Impossible de se connecter à {url}... peut-être que le service est en panne ou que vous n'êtes pas correctement connecté à Internet en IPv4/IPv6.",
+    "download_ssl_error": "Erreur SSL lors de la connexion à {url}",
+    "download_timeout": "{url} a pris trop de temps pour répondre : abandon.",
+    "download_unknown_error": "Erreur lors du téléchargement des données à partir de {url} : {error}",
+    "download_bad_status_code": "{url} renvoie le code d'état {code}",
+    "corrupted_yaml": "Fichier YAML corrompu en lecture depuis {ressource} (raison : {error})",
+    "info": "Info :",
+    "corrupted_toml": "Fichier TOML corrompu en lecture depuis {ressource} (raison : {error})",
+    "warn_the_user_about_waiting_lock": "Une autre commande YunoHost est actuellement en cours, nous attendons qu'elle se termine avant de démarrer celle là",
+    "warn_the_user_about_waiting_lock_again": "Toujours en attente...",
+    "warn_the_user_that_lock_is_acquired": "La commande précédente vient de se terminer, lancement de cette nouvelle commande",
+    "edit_text_question": "{}. Modifier ce texte ? [yN] : "
 }

locales/gl.json

@@ -0,0 +1,47 @@
+{
+    "invalid_usage": "Uso non válido, pass --help para ver a axuda",
+    "invalid_argument": "Argumento non válido '{argument}': {error}",
+    "instance_already_running": "Hai unha operación de YunoHost en execución. Por favor agarda a que remate antes de realizar unha nova.",
+    "info": "Info:",
+    "folder_exists": "Xa existe o cartafol: '{path}'",
+    "file_not_exist": "Non existe o ficheiro: '{path}'",
+    "error": "Erro:",
+    "deprecated_command_alias": "'{prog} {old}' xa non se utiliza e será eliminado no futuro, usa '{prog} {new}' no seu lugar",
+    "deprecated_command": "'{prog} {command}' xa non se utiliza e xa non se usará no futuro",
+    "confirm": "Confirma {prompt}",
+    "authentication_required": "Autenticación requerida",
+    "argument_required": "O argumento '{argument}' é requerido",
+    "logged_out": "Sesión pechada",
+    "password": "Contrasinal",
+    "warning": "Aviso:",
+    "values_mismatch": "Non concordan os valores",
+    "unknown_user": "Usuaria '{user}' descoñecida",
+    "unknown_group": "Grupo '{group}' descoñecido",
+    "unable_authenticate": "Non se puido autenticar",
+    "success": "Ben feito!",
+    "server_already_running": "Xa hai un servidor a funcionar nese porto",
+    "root_required": "Tes que ser root para facer esta acción",
+    "pattern_not_match": "Non concorda co patrón",
+    "operation_interrupted": "Interrumpeuse a operación",
+    "not_logged_in": "Non iniciaches sesión",
+    "logged_in": "Sesión iniciada",
+    "warn_the_user_that_lock_is_acquired": "O outro comando rematou, agora executarase este",
+    "warn_the_user_about_waiting_lock_again": "Agardando…",
+    "warn_the_user_about_waiting_lock": "Estase executando outro comando de YunoHost neste intre, estamos agardando a que remate para executar este",
+    "download_bad_status_code": "{url} devolveu o código de estado {code}",
+    "download_unknown_error": "Erro ao descargar os datos desde {url}: {error}",
+    "download_timeout": "{url} está tardando en responder, deixámolo.",
+    "download_ssl_error": "Erro SSL ao conectar con {url}",
+    "invalid_url": "Fallou a conexión con {url}... pode que o servizo estea caído, ou que non teñas conexión a Internet con IPv4/IPv6.",
+    "error_changing_file_permissions": "Erro ao cambiar os permisos de {path}: {error}",
+    "error_removing": "Erro ao eliminar {path}: {error}",
+    "error_writing_file": "Erro ao escribir o ficheiro {file}: {error}",
+    "corrupted_toml": "Lectura corrupta de datos TOML de {ressource} (razón: {error})",
+    "corrupted_yaml": "Lectura corrupta dos datos YAML de {ressource} (razón: {error})",
+    "corrupted_json": "Lectura corrupta dos datos JSON de {ressource} (razón: {error})",
+    "unknown_error_reading_file": "Erro descoñecido ao intentar ler o ficheiro {file} (razón: {error})",
+    "cannot_write_file": "Non se puido escribir o ficheiro {file} (razón: {error})",
+    "cannot_open_file": "Non se puido abrir o ficheiro {file} (razón: {error})",
+    "websocket_request_expected": "Agardábase unha solicitude WebSocket",
+    "edit_text_question": "{}. Editar este texto ? [yN]: "
+}

locales/he.json

@@ -0,0 +1 @@
+{}

locales/hi.json

@@ -0,0 +1,29 @@
+{
+    "argument_required": "तर्क '{argument}' आवश्यक है",
+    "authentication_required": "प्रमाणीकरण आवश्यक",
+    "confirm": "पुष्टि करें {prompt}",
+    "deprecated_command": "'{prog}' '{command}' का प्रयोग न करे, भविष्य में इसे हटा दिया जाएगा",
+    "deprecated_command_alias": "'{prog} {old}' अब पुराना हो गया है और इसे भविष्य में हटा दिया जाएगा, इस की जगह '{prog} {new}' का प्रयोग करें",
+    "error": "गलती:",
+    "file_not_exist": "फ़ाइल मौजूद नहीं है: '{path}'",
+    "folder_exists": "फ़ोल्डर में पहले से ही मौजूद है: '{path}'",
+    "instance_already_running": "यूनोहोस्ट का एक कार्य पहले से चल रहा है। कृपया इस कार्य के समाप्त होने का इंतज़ार करें।",
+    "invalid_argument": "अवैध तर्क '{argument}':'{error}'",
+    "invalid_usage": "अवैध उपयोग, सहायता देखने के लिए --help साथ लिखे।",
+    "logged_in": "लोग्ड इन",
+    "logged_out": "लॉग आउट",
+    "not_logged_in": "आप लोग्ड इन नहीं हैं।",
+    "operation_interrupted": "कार्य बाधित",
+    "password": "पासवर्ड",
+    "pattern_not_match": "पैटर्न मेल नहीं खता है।",
+    "root_required": "इस कार्य को करने के लिए ,आप का root होना आवक्षक है।",
+    "server_already_running": "कोई सर्वर पहले से ही इस पोर्ट पर चल रहा है।",
+    "success": "सफलता!",
+    "unable_authenticate": "प्रमाणित करने में असमर्थ।",
+    "unknown_group": "अज्ञात ग्रुप: '{group}'",
+    "unknown_user": "अज्ञात उपयोगकर्ता: '{user}'",
+    "values_mismatch": "वैल्यूज मेल नहीं खाती।",
+    "warning": "चेतावनी:",
+    "websocket_request_expected": "एक WebSocket अनुरोध की उम्मीद।",
+    "info": "सूचना:"
+}

locales/hu.json

@@ -0,0 +1,17 @@
+{
+    "logged_out": "Kilépett",
+    "password": "Jelszó",
+    "download_timeout": "{url} régóta nem válaszol, folyamat megszakítva.",
+    "invalid_url": "Helytelen URL: {url} (biztos létezik az oldal?)",
+    "cannot_open_file": "{file} megnyitása sikertelen (Oka: {error})",
+    "unknown_user": "Ismeretlen felhasználó: '{user}'",
+    "unknown_group": "Ismeretlen csoport: '{group}'",
+    "server_already_running": "Egy szerver már fut ezen a porton",
+    "logged_in": "Bejelentkezve",
+    "success": "Siker!",
+    "values_mismatch": "Eltérő értékek",
+    "warning": "Figyelem:",
+    "info": "Információ:",
+    "file_not_exist": "A fájl nem létezik: '{path}'",
+    "error": "Hiba:"
+}

locales/id.json

@@ -0,0 +1,47 @@
+{
+    "argument_required": "Argumen '{argument}' dibutuhkan",
+    "authentication_required": "Autentikasi dibutuhkan",
+    "deprecated_command": "'{prog} {command}' sudah usang dan akan dihapus nanti",
+    "logged_out": "Berhasil keluar",
+    "password": "Kata sandi",
+    "deprecated_command_alias": "'{prog} {old}' sudah usang dan akan dihapus nanti, gunakan '{prog} {new}'",
+    "info": "Informasi:",
+    "instance_already_running": "Sudah ada tindakan YunoHost yang sedang berjalan. Tunggu itu selesai sebelum menjalankan yang lain.",
+    "logged_in": "Berhasil masuk",
+    "warning": "Peringatan:",
+    "cannot_open_file": "Tidak dapat membuka berkas {file} (alasan: {error})",
+    "error_removing": "Terjadi galat ketika menghapus {path}: {error}",
+    "success": "Berhasil!",
+    "warn_the_user_about_waiting_lock": "Perintah YunoHost lain sedang berjalan saat ini, kami sedang menunggu itu selesai sebelum menjalankan yang ini",
+    "warn_the_user_about_waiting_lock_again": "Masih menunggu...",
+    "unable_authenticate": "Tidak dapat mengautentikasi",
+    "warn_the_user_that_lock_is_acquired": "Perintah yang tadi baru saja selesai, akan memulai perintah ini",
+    "server_already_running": "Sebuah peladen telah berjalan di porta tersebut",
+    "unknown_group": "Kelompok '{group}' tidak diketahui",
+    "unknown_user": "Pengguna '{user}' tidak diketahui",
+    "values_mismatch": "Nnilai berbeda",
+    "cannot_write_file": "Tidak dapat menyimpan berkas {file} (alasan: {error})",
+    "unknown_error_reading_file": "Galat yang tidak diketahui ketika membaca berkas {file} (alasan: {error})",
+    "invalid_url": "Gagal terhubung dengan {url}... mungkin layanan tersebut sedang turun, atau Anda tidak terhubung dengan benar ke internet di IPv4/IPv6.",
+    "download_timeout": "{url} memakan waktu yang lama untuk menjawab, menyerah.",
+    "download_unknown_error": "Galat ketika mengunduh data dari {url}: {error}",
+    "download_bad_status_code": "{url} menjawab dengan kode status {code}",
+    "confirm": "Konfirmasi {prompt}",
+    "edit_text_question": "{}. Sunting teks ini ? [yN]: ",
+    "error": "Galat:",
+    "file_not_exist": "Berkas tidak ada: '{path}'",
+    "folder_exists": "Berkas sudah ada: '{path}'",
+    "invalid_argument": "Argumen tidak valid '{argument}': {error}",
+    "invalid_usage": "Tidak valid, ikutkan --help untuk melihat bantuan",
+    "not_logged_in": "Anda belum masuk",
+    "operation_interrupted": "Tindakan terganggu",
+    "error_writing_file": "Galat ketika menyimpan berkas {file}: {error}",
+    "error_changing_file_permissions": "Galat ketika mengubah izin untuk {path}: {error}",
+    "download_ssl_error": "Galat SSL ketika menghubungi {url}",
+    "pattern_not_match": "Tidak cocok dengan pola",
+    "root_required": "Anda harus berada di root untuk melakukan tindakan ini",
+    "corrupted_yaml": "Pembacaan rusak untuk YAML {ressource} (alasan: {error})",
+    "corrupted_toml": "Pembacaan rusak untuk TOML {ressource} (alasan: {error})",
+    "corrupted_json": "Pembacaan rusak untuk JSON {ressource} (alasan: {error})",
+    "websocket_request_expected": "Mengharapkan permintaan WebSocket"
+}

locales/it.json

@@ -0,0 +1,47 @@
+{
+    "logged_out": "Disconnesso",
+    "password": "Password",
+    "argument_required": "L'argomento '{argument}' è richiesto",
+    "authentication_required": "Autenticazione richiesta",
+    "confirm": "Confermare {prompt}",
+    "deprecated_command": "'{prog} {command}' è deprecato e sarà rimosso in futuro",
+    "deprecated_command_alias": "'{prog} {old}' è deprecato e sarà rimosso in futuro, usa invece '{prog} {new}'",
+    "error": "Errore:",
+    "file_not_exist": "Il file non esiste: '{path}'",
+    "folder_exists": "La cartella esiste già: '{path}'",
+    "instance_already_running": "Esiste già un'operazione YunoHost in esecuzione. Attendi il completamento prima di eseguirne un altro.",
+    "invalid_argument": "Argomento non valido '{argument}': {error}",
+    "invalid_usage": "Utilizzo non valido, usa --help per vedere l'aiuto",
+    "logged_in": "Connesso",
+    "not_logged_in": "Non hai effettuato l'accesso",
+    "operation_interrupted": "Operazione interrotta",
+    "pattern_not_match": "Non corrisponde al modello",
+    "root_required": "Devi essere root per eseguire questa azione",
+    "server_already_running": "Un server è già in esecuzione su quella porta",
+    "success": "Riuscito!",
+    "unable_authenticate": "Autenticazione fallita",
+    "unknown_group": "Gruppo '{group}' sconosciuto",
+    "unknown_user": "Utente '{user}' sconosciuto",
+    "values_mismatch": "I valori non corrispondono",
+    "warning": "Attenzione:",
+    "websocket_request_expected": "Richiesta WebSocket attesa",
+    "cannot_open_file": "Impossibile aprire il file {file} (motivo: {error})",
+    "cannot_write_file": "Impossibile scrivere il file {file} (motivo: {error})",
+    "unknown_error_reading_file": "Errore sconosciuto durante il tentativo di leggere il file {file} (motivo: {error})",
+    "corrupted_json": "Lettura JSON corrotta da {ressource} (motivo: {error})",
+    "corrupted_yaml": "Lettura YAML corrotta da {ressource} (motivo: {error})",
+    "error_writing_file": "Errore durante la scrittura del file {file}: {error}",
+    "error_removing": "Errore durante la rimozione {path}: {error}",
+    "error_changing_file_permissions": "Errore durante il cambio di permessi per {path}: {error}",
+    "invalid_url": "Fallita connessione a {url}… magari il servizio è down, o non sei connesso correttamente ad internet con IPv4/IPv6.",
+    "download_ssl_error": "Errore SSL durante la connessione a {url}",
+    "download_timeout": "{url} ci ha messo troppo a rispondere, abbandonato.",
+    "download_unknown_error": "Errore durante il download di dati da {url} : {error}",
+    "download_bad_status_code": "{url} ha restituito il codice di stato {code}",
+    "info": "Info:",
+    "warn_the_user_that_lock_is_acquired": "L'altro comando è appena completato, ora avvio questo comando",
+    "warn_the_user_about_waiting_lock_again": "Sto ancora aspettando…",
+    "warn_the_user_about_waiting_lock": "Un altro comando YunoHost è in esecuzione in questo momento, stiamo aspettando che finisca prima di eseguire questo",
+    "corrupted_toml": "TOML corrotto da {ressource} (motivo: {error})",
+    "edit_text_question": "{}. Modificare il testo? [yN]: "
+}

locales/ja.json

@@ -0,0 +1,47 @@
+{
+    "logged_out": "ログアウトしました",
+    "password": "パスワード",
+    "argument_required": "引数 '{argument}' が必要です",
+    "authentication_required": "認証が必要",
+    "confirm": "{prompt}の確認",
+    "deprecated_command": "'{prog} {command}' は非推奨であり、将来削除される予定です",
+    "deprecated_command_alias": "'{prog} {old}' は非推奨であり、今後削除される予定です。代わりに '{prog} {new}' を使用してください",
+    "edit_text_question": "{}.このテキストを編集しますか?[yN]: ",
+    "error": "エラー:",
+    "info": "インフォメーション:",
+    "download_unknown_error": "{url}からデータをダウンロードする際のエラー:{error}",
+    "download_bad_status_code": "{url}は状態コード {code} を返しました",
+    "warn_the_user_about_waiting_lock": "別のYunoHostコマンドが現在実行されているため、完了するのを待っています",
+    "warn_the_user_about_waiting_lock_again": "まだ待っています…",
+    "warn_the_user_that_lock_is_acquired": "他のコマンドが完了しました。このコマンドが開始されました",
+    "file_not_exist": "ファイルが存在しません: '{path}'",
+    "folder_exists": "フォルダは既に存在します: '{path}'",
+    "instance_already_running": "YunoHost 操作が既に実行されています。他の操作が完了するのを待ってください。",
+    "invalid_argument": "無効な引数 '{argument}': {error}",
+    "invalid_usage": "無効な使用法です。--help を渡してヘルプを表示します",
+    "logged_in": "ログイン済み",
+    "not_logged_in": "ログインしていません",
+    "operation_interrupted": "操作が中断されました",
+    "pattern_not_match": "パターンと一致しない",
+    "root_required": "このアクションを実行するには、rootである必要があります",
+    "server_already_running": "サーバーはそのポートで既に実行されています",
+    "success": "成功！",
+    "unable_authenticate": "認証できません",
+    "unknown_group": "不明な '{group}' グループ",
+    "unknown_user": "不明な '{user}' ユーザー",
+    "values_mismatch": "値が一致しない",
+    "warning": "警告:",
+    "websocket_request_expected": "WebSocket 要求が必要です",
+    "cannot_open_file": "ファイル{file}を開けませんでした(理由:{error})",
+    "cannot_write_file": "ファイル {file}を書き込めませんでした (理由: {error})",
+    "unknown_error_reading_file": "ファイル{file}を読み取ろうとしているときに不明なエラーが発生しました(理由:{error})",
+    "corrupted_json": "{ressource}から読み取られたJSONは破損していました(理由:{error})",
+    "corrupted_yaml": "破損した YAML が{ressource}から読み取られました (理由: {error})",
+    "corrupted_toml": "破損した TOML が{ressource}から読み取られました (理由: {error})",
+    "error_writing_file": "ファイル{file}書き込み時のエラー:{error}",
+    "error_removing": "{path}を削除するときのエラー:{error}",
+    "error_changing_file_permissions": "{path}のアクセス許可変更時のエラー: {error}",
+    "invalid_url": "{url}に接続できませんでした…サービスがダウンしているか、IPv4 / IPv6でインターネットに正しく接続されていない可能性があります。",
+    "download_ssl_error": "{url}への接続時のSSLエラー",
+    "download_timeout": "{url}は応答に時間がかかりすぎたため、あきらめました。"
+}

locales/kab.json

@@ -0,0 +1,8 @@
+{
+    "error": "Erreur :",
+    "success": "Akka d rrbeḥ !",
+    "password": "Awal n uɛeddi",
+    "logged_in": "Taqqneḍ",
+    "logged_out": "Yeffeɣ",
+    "authentication_required": "Tlaq tuqqna"
+}

locales/ko.json

@@ -0,0 +1 @@
+{}

locales/lt.json

@@ -0,0 +1 @@
+{}

locales/mk.json

@@ -0,0 +1 @@
+{}

locales/nb_NO.json

@@ -0,0 +1,19 @@
+{
+    "argument_required": "Argumentet '{argument}' er påkrevd",
+    "warn_the_user_about_waiting_lock_again": "Venter fremdeles…",
+    "websocket_request_expected": "Forventet en WebSocket-forespørsel",
+    "warning": "Advarsel:",
+    "values_mismatch": "Verdiene samsvarer ikke",
+    "unknown_user": "Ukjent '{user}' bruker",
+    "unknown_group": "Ukjent '{group}' gruppe",
+    "unable_authenticate": "Kunne ikke identitetsbekrefte",
+    "success": "Vellykket!",
+    "operation_interrupted": "Operasjon forstyrret",
+    "not_logged_in": "Du er ikke innlogget",
+    "logged_in": "Innlogget",
+    "info": "Info:",
+    "error": "Feil:",
+    "confirm": "Bekreft {prompt}",
+    "logged_out": "Utlogget",
+    "password": "Passord"
+}

locales/ne.json

@@ -0,0 +1,9 @@
+{
+    "logged_out": "लग आउट",
+    "password": "पासवर्ड",
+    "deprecated_command_alias": "'{prog} {old}' अस्वीकृत गरिएको छ र भविष्यमा हटाइनेछ, यसको सट्टा '{prog} {new}' प्रयोग गर्नुहोस्।",
+    "deprecated_command": "'{prog} {command}' अस्वीकृत गरिएको छ र भविष्यमा हटाइनेछ",
+    "confirm": "कन्फर्म {prompt}",
+    "authentication_required": "प्रमाणीकरण आवाश्यक छ",
+    "argument_required": "तर्क '{argument}' आवश्यक छ"
+}

locales/nl.json

@@ -0,0 +1,47 @@
+{
+    "argument_required": "Argument {argument} is vereist",
+    "authentication_required": "Aanmelding vereist",
+    "confirm": "Bevestig {prompt}",
+    "error": "Fout:",
+    "file_not_exist": "Bestand bestaat niet: '{path}'",
+    "folder_exists": "Deze map bestaat al: '{path}'",
+    "instance_already_running": "Er is al een bewerking bezig. Even geduld tot deze afgesloten is, alvorens een andere te starten.",
+    "invalid_argument": "Ongeldig argument '{argument}': {error}",
+    "invalid_usage": "Ongeldig gebruik, doe --help om de hulptekst te lezen",
+    "logged_in": "Ingelogd",
+    "logged_out": "Uitgelogd",
+    "not_logged_in": "U bent niet ingelogd",
+    "operation_interrupted": "Operatie onderbroken",
+    "password": "Wachtwoord",
+    "pattern_not_match": "Past niet in het patroon",
+    "root_required": "Je moet root zijn om deze actie uit te voeren",
+    "server_already_running": "Er is al een server actief op die poort",
+    "success": "Succes!",
+    "unable_authenticate": "Aanmelding niet mogelijk",
+    "values_mismatch": "Waarden zijn niet gelijk",
+    "warning": "Waarschuwing:",
+    "websocket_request_expected": "Verwachtte een WebSocket request",
+    "deprecated_command": "'{prog} {command}' is verouderd en wordt binnenkort verwijderd",
+    "deprecated_command_alias": "'{prog} {old}' is verouderd en wordt binnenkort verwijderd, gebruik in de plaats '{prog} {new}'",
+    "unknown_group": "Groep '{group}' is onbekend",
+    "unknown_user": "Gebruiker '{user}' is onbekend",
+    "cannot_open_file": "Niet mogelijk om bestand {file} te openen (reden: {error})",
+    "cannot_write_file": "Niet gelukt om bestand {file} te schrijven (reden: {error})",
+    "unknown_error_reading_file": "Ongekende fout tijdens het lezen van bestand {file} (cause:{error})",
+    "corrupted_json": "Corrupte JSON gelezen van {ressource} (reden: {error})",
+    "error_writing_file": "Fout tijdens het schrijven van bestand {file}: {error}",
+    "error_removing": "Fout tijdens het verwijderen van {path}: {error}",
+    "error_changing_file_permissions": "Fout tijdens het veranderen van machtiging voor {path}: {error}",
+    "invalid_url": "Kon niet verbinden met {url}… misschien is de dienst uit de lucht, of ben je niet goed verbonden via IPv4 of IPv6.",
+    "download_ssl_error": "SSL fout gedurende verbinding met {url}",
+    "download_timeout": "{url} neemt te veel tijd om te antwoorden, we geven het op.",
+    "download_unknown_error": "Fout tijdens het downloaden van data van {url}: {error}",
+    "download_bad_status_code": "{url} stuurt status code {code}",
+    "warn_the_user_that_lock_is_acquired": "De andere opdracht is zojuist voltooid; nu wordt nu deze opdracht gestart",
+    "warn_the_user_about_waiting_lock_again": "Nog steeds aan het wachten…",
+    "warn_the_user_about_waiting_lock": "Een ander YunoHost commando wordt uitgevoerd, we wachten tot het gedaan is alovrens dit te starten",
+    "corrupted_toml": "Ongeldige TOML werd gelezen van {ressource} (reason: {error})",
+    "corrupted_yaml": "Ongeldig YAML bestand op {ressource} (reden: {error})",
+    "info": "Ter info:",
+    "edit_text_question": "{}. Deze tekst bewerken ? [yN]: "
+}

locales/oc.json

@@ -0,0 +1,47 @@
+{
+    "argument_required": "L’argument {argument} es requesit",
+    "authentication_required": "Autentificacion requesida",
+    "logged_in": "Connectat",
+    "logged_out": "Desconnectat",
+    "password": "Senhal",
+    "confirm": "Confirmatz : {prompt}",
+    "deprecated_command": "« {prog} {command} » es despreciat e serà lèu suprimit",
+    "deprecated_command_alias": "« {prog} {old} » es despreciat e serà lèu suprimit, utilizatz « {prog} {new} » allòc",
+    "error": "Error :",
+    "file_not_exist": "Lo fichièr « {path} » existís pas",
+    "folder_exists": "Lo repertòri existís ja : « {path} »",
+    "instance_already_running": "I a ja una operacion de YunoHost en cors. Mercés d’esperar que s’acabe abans de ne lançar una mai.",
+    "invalid_argument": "Argument « {argument} » incorrècte : {error}",
+    "not_logged_in": "Cap de session començada",
+    "pattern_not_match": "Correspond pas al patron",
+    "root_required": "Cal èsser root per realizar aquesta accion",
+    "unknown_group": "Grop « {group} » desconegut",
+    "unknown_user": "Utilizaire « {user} » desconegut",
+    "values_mismatch": "Las valors correspondon pas",
+    "warning": "Atencion :",
+    "invalid_usage": "Usatge invalid, utilizatz --help per accedir a l’ajuda",
+    "operation_interrupted": "Operacion interrompuda",
+    "server_already_running": "Un servidor es ja en execucion sus aqueste pòrt",
+    "success": "Capitada !",
+    "unable_authenticate": "Impossible de vos autentificar",
+    "websocket_request_expected": "Una requèsta WebSocket èra esperada",
+    "cannot_open_file": "Impossible de dobrir lo fichièr {file} (rason : {error})",
+    "cannot_write_file": "Escritura impossibla del fichièr {file} (rason : {error})",
+    "unknown_error_reading_file": "Error desconeguda en ensajar de legir lo fichièr {file} (rason : {error})",
+    "error_writing_file": "Error en escriure lo fichièr {file} : {error}",
+    "error_removing": "Error en suprimir {path} : {error}",
+    "error_changing_file_permissions": "Error en modificar las permissions per {path} : {error}",
+    "invalid_url": "Url invalida {url} (existís aqueste site ?)",
+    "download_ssl_error": "Error SSL en se connectant a {url}",
+    "download_timeout": "{url} a trigat per respondre, avèm quitat d’esperar.",
+    "download_unknown_error": "Error en telecargar de donadas de {url} : {error}",
+    "download_bad_status_code": "{url} tòrna lo còdi d’estat {code}",
+    "corrupted_json": "Fichièr Json corromput legit de {ressource} (rason : {error})",
+    "corrupted_yaml": "Fichièr YAML corromput legit de {ressource} (rason : {error})",
+    "info": "Info :",
+    "corrupted_toml": "Fichièr TOML corromput en lectura de {ressource} estant (rason : {error})",
+    "warn_the_user_about_waiting_lock": "Una autra comanda YunoHost es en execucion, sèm a esperar qu’acabe abans d’aviar aquesta d’aquí",
+    "warn_the_user_about_waiting_lock_again": "Encara en espèra…",
+    "warn_the_user_that_lock_is_acquired": "l’autra comanda ven d’acabar, ara lançament d’aquesta comanda",
+    "edit_text_question": "{}. Modificar aqueste tèxte ? [yN]: "
+}

locales/pl.json

@@ -0,0 +1,47 @@
+{
+    "logged_out": "Wylogowano",
+    "password": "Hasło",
+    "warn_the_user_that_lock_is_acquired": "Inne polecenie właśnie się zakończyło, teraz uruchamiam to polecenie",
+    "warn_the_user_about_waiting_lock_again": "Wciąż czekam…",
+    "warn_the_user_about_waiting_lock": "Kolejne polecenie YunoHost jest obecnie uruchomione, czekamy na jego zakończenie przed uruchomieniem tego",
+    "download_bad_status_code": "{url} zwrócił kod stanu {code}",
+    "download_unknown_error": "Błąd podczas pobierania danych z {url}: {error}",
+    "download_timeout": "{url} potrzebował zbyt dużo czasu na odpowiedź, rezygnacja.",
+    "download_ssl_error": "Błąd SSL podczas łączenia z {url}",
+    "invalid_url": "Nie udało się połączyć z {url}… być może strona nie jest dostępna, lub nie jesteś prawidłowo połączony z Internetem po IPv4/IPv6.",
+    "error_changing_file_permissions": "Błąd podczas zmiany uprawnień dla {path}: {error}",
+    "error_removing": "Błąd podczas usuwania {path}: {error}",
+    "error_writing_file": "Błąd podczas zapisywania pliku {file}: {error}",
+    "corrupted_toml": "Uszkodzony TOML odczytany z {ressource} (reason: {error})",
+    "corrupted_yaml": "Uszkodzony YAML odczytany z {ressource} (reason: {error})",
+    "corrupted_json": "Uszkodzony JSON odczytany z {ressource} (reason: {error})",
+    "unknown_error_reading_file": "Nieznany błąd podczas próby odczytania pliku {file} (przyczyna: {error})",
+    "cannot_write_file": "Nie można zapisać pliku {file} (przyczyna: {error})",
+    "cannot_open_file": "Nie można otworzyć pliku {file} (przyczyna: {error})",
+    "websocket_request_expected": "Oczekiwano żądania WebSocket",
+    "warning": "Ostrzeżenie:",
+    "values_mismatch": "Wartości nie pasują",
+    "unknown_user": "Nieznany użytkownik '{user}'",
+    "unknown_group": "Nieznana grupa '{group}'",
+    "unable_authenticate": "Nie można uwierzytelnić",
+    "success": "Sukces!",
+    "server_already_running": "Serwer już działa na tym porcie",
+    "root_required": "Aby wykonać tę akcję, musisz być rootem",
+    "pattern_not_match": "Nie pasuje do wzoru",
+    "operation_interrupted": "Operacja przerwana",
+    "not_logged_in": "Nie jesteś zalogowany",
+    "logged_in": "Zalogowany",
+    "invalid_usage": "Nieprawidłowe użycie, wprowadź --help, aby wyświetlić pomoc",
+    "invalid_argument": "Nieprawidłowy argument „{argument}”: {error}",
+    "instance_already_running": "Trwa już operacja YunoHost. Zaczekaj na jej zakończenie, zanim uruchomisz kolejną.",
+    "info": "Info:",
+    "folder_exists": "Folder już istnieje: „{path}”",
+    "file_not_exist": "Plik nie istnieje: „{path}”",
+    "error": "Błąd:",
+    "deprecated_command_alias": "„{prog} {old}” jest przestarzałe i zostanie usunięte w przyszłości, zamiast tego użyj „{prog} {new}”",
+    "deprecated_command": "„{prog} {command}” jest przestarzałe i zostanie usunięte w przyszłości",
+    "confirm": "Potwierdź {prompt}",
+    "authentication_required": "Wymagane uwierzytelnienie",
+    "argument_required": "Argument „{argument}” jest wymagany",
+    "edit_text_question": "{}. Zedytować ten tekst? [tN]: "
+}

locales/pt.json

@@ -0,0 +1,47 @@
+{
+    "argument_required": "O argumento '{argument}' é obrigatório",
+    "authentication_required": "Autenticação obrigatória",
+    "confirm": "Confirmar {prompt}",
+    "error": "Erro:",
+    "file_not_exist": "O ficheiro não existe: '{path}'",
+    "folder_exists": "A pasta já existe: '{path}'",
+    "instance_already_running": "Já existe uma operação YunoHost em execução. Aguarde o término antes de executar outro.",
+    "invalid_argument": "Argumento inválido '{argument}': {error}",
+    "invalid_usage": "Uso invalido, utilizar --help para ver a ajuda",
+    "logged_in": "Sessão iniciada",
+    "logged_out": "Sessão terminada",
+    "not_logged_in": "Não tem sessão iniciada",
+    "operation_interrupted": "Operação cancelada",
+    "password": "Senha",
+    "pattern_not_match": "Não corresponde ao motivo",
+    "root_required": "Deve ser root (administrador) para realizar esta ação",
+    "server_already_running": "Existe um servidor ativo nessa porta",
+    "success": "Sucesso!",
+    "unable_authenticate": "Não foi possível autenticar",
+    "values_mismatch": "Os valores não coincidem",
+    "warning": "Aviso:",
+    "websocket_request_expected": "Esperado um pedido a WebSocket",
+    "deprecated_command": "'{prog} {command}' está obsoleto e será removido no futuro",
+    "deprecated_command_alias": "'{prog} {old}' está obsoleto e será removido no futuro, em vez disso, usa '{prog} {new}'",
+    "unknown_group": "Grupo '{group}' desconhecido",
+    "unknown_user": "Nome de utilizador '{user}' desconhecido",
+    "cannot_open_file": "Não foi possível abrir o arquivo {file} (reason: {error})",
+    "cannot_write_file": "Não foi possível abrir o arquivo {file} (reason: {error})",
+    "unknown_error_reading_file": "Erro desconhecido ao tentar ler o arquivo {file} (motivo: {error})",
+    "error_writing_file": "Erro ao gravar arquivo {file}: {error}",
+    "error_removing": "Erro ao remover {path}: {error}",
+    "error_changing_file_permissions": "Erro ao alterar as permissões para {path}: {error}",
+    "invalid_url": "URL inválida {url} (Esse site existe ?)",
+    "download_ssl_error": "Erro de SSL ao conectar-se a {url}",
+    "download_timeout": "{url} demorou muito para responder, desistiu.",
+    "download_unknown_error": "Erro quando baixando os dados de {url} : {error}",
+    "download_bad_status_code": "{url} retornou o código de status {code}",
+    "corrupted_json": "JSON corrompido lido do {ressource} (motivo: {error})",
+    "corrupted_yaml": "YAML corrompido lido do {ressource} (motivo: {error})",
+    "warn_the_user_that_lock_is_acquired": "O outro comando acabou de concluir, agora iniciando este comando",
+    "warn_the_user_about_waiting_lock_again": "Ainda esperando…",
+    "warn_the_user_about_waiting_lock": "Outro comando YunoHost está sendo executado agora, estamos aguardando o término antes de executar este",
+    "corrupted_toml": "TOML corrompido lido em {ressource} (motivo: {error})",
+    "info": "Informações:",
+    "edit_text_question": "{}. Editar este texto ? [yN]: "
+}

locales/pt_BR.json

@@ -0,0 +1 @@
+{}

locales/ru.json

@@ -0,0 +1,47 @@
+{
+    "argument_required": "Требуется аргумент «{argument}»",
+    "authentication_required": "Требуется аутентификация",
+    "confirm": "Подтвердить {prompt}",
+    "deprecated_command": "'{prog} {command}' устарела и будет удалена",
+    "deprecated_command_alias": "'{prog} {old}' устарела и будет удалена, вместо неё используйте '{prog} {new}'",
+    "error": "Ошибка:",
+    "file_not_exist": "Файл не существует: '{path}'",
+    "folder_exists": "Каталог уже существует: '{path}'",
+    "invalid_argument": "Неправильный аргумент '{argument}': {error}",
+    "logged_in": "Вы вошли",
+    "logged_out": "Вы вышли из системы",
+    "not_logged_in": "Вы не вошли в систему",
+    "operation_interrupted": "Действие прервано",
+    "password": "Пароль",
+    "pattern_not_match": "Не соответствует образцу",
+    "server_already_running": "Сервер уже запущен на этом порте",
+    "success": "Отлично!",
+    "unable_authenticate": "Аутентификация невозможна",
+    "unknown_group": "Неизвестная '{group}' группа",
+    "unknown_user": "Неизвестный '{user}' пользователь",
+    "values_mismatch": "Неверные значения",
+    "warning": "Внимание :",
+    "websocket_request_expected": "Ожидается запрос WebSocket",
+    "cannot_open_file": "Не могу открыть файл {file} (причина: {error})",
+    "cannot_write_file": "Не могу записать файл {file} (причина: {error})",
+    "unknown_error_reading_file": "Неизвестная ошибка при попытке прочитать файл {file} (причина: {error})",
+    "corrupted_yaml": "Повреждённой YAML получен от {ressource} (причина: {error})",
+    "error_writing_file": "Ошибка при записи файла {file}: {error}",
+    "error_removing": "Ошибка при удалении {path}: {error}",
+    "invalid_url": "Не удалось подключиться к {url}... возможно этот сервис недоступен или вы не подключены к Интернету через IPv4/IPv6.",
+    "download_ssl_error": "Ошибка SSL при соединении с {url}",
+    "download_timeout": "Превышено время ожидания ответа от {url}.",
+    "download_unknown_error": "Ошибка при загрузке данных с {url} : {error}",
+    "instance_already_running": "Операция YunoHost уже запущена. Пожалуйста, подождите, пока он закончится, прежде чем запускать другой.",
+    "root_required": "Чтобы выполнить это действие, вы должны иметь права root",
+    "corrupted_json": "Повреждённый json получен от {ressource} (причина: {error})",
+    "warn_the_user_that_lock_is_acquired": "Другая команда только что завершилась, теперь запускается эта команда",
+    "warn_the_user_about_waiting_lock_again": "Все еще жду...",
+    "warn_the_user_about_waiting_lock": "Сейчас запускается еще одна команда YunoHost, мы ждем ее завершения, прежде чем запустить эту",
+    "download_bad_status_code": "{url} вернул код состояния {code}",
+    "error_changing_file_permissions": "Ошибка при изменении разрешений для {path}: {error}",
+    "corrupted_toml": "Поврежденный TOML, прочитанный из {ressource} (причина: {error})",
+    "invalid_usage": "Неправильное использование, передайте --help, чтобы увидеть помощь",
+    "info": "Информация:",
+    "edit_text_question": "{}. Изменить этот текст? [yN]: "
+}

locales/sk.json

@@ -0,0 +1,47 @@
+{
+    "authentication_required": "Vyžadované overenie",
+    "confirm": "Potvrdiť {prompt}",
+    "password": "Heslo",
+    "argument_required": "Je vyžadovaný argument '{argument}'",
+    "deprecated_command": "'{prog} {command}' je zastaraný a v ďalších verziách bude odstránený",
+    "deprecated_command_alias": "'{prog} {old}' je zastaraný a v ďalších verziách bude odstránený, použite miesto neho '{prog} {new}'",
+    "edit_text_question": "{}. Upraviť tento text? [yN]: ",
+    "error": "Chyba:",
+    "file_not_exist": "Súbor neexistuje: '{path}'",
+    "folder_exists": "Adresár už existuje: '{path}'",
+    "info": "Informácie:",
+    "instance_already_running": "Práve prebieha iná YunoHost operácia. Pred spustením ďalšej operácie počkajte na jej dokončenie.",
+    "invalid_argument": "Nesprávny argument '{argument}': {error}",
+    "invalid_usage": "Nesprávne použitie, pridajte --help pre zobrazenie pomocníka",
+    "logged_in": "Prihlásený",
+    "logged_out": "Boli ste odhlásený",
+    "not_logged_in": "Nie ste prihlásený",
+    "operation_interrupted": "Operácia bola prerušená",
+    "pattern_not_match": "Nezodpovedá výrazu",
+    "root_required": "Pre vykonanie tejto akcie musíte byť root",
+    "server_already_running": "Na tomto porte už server beží",
+    "success": "Podarilo sa!",
+    "unable_authenticate": "Nie je možné overiť",
+    "unknown_group": "Neznáma skupina '{group}'",
+    "unknown_user": "Neznámy používateľ '{user}'",
+    "values_mismatch": "Hodnoty nesúhlasia",
+    "warning": "Varovanie:",
+    "websocket_request_expected": "Očakávaná WebSocket požiadavka",
+    "cannot_open_file": "Nedá sa otvoriť súbor {file} (príčina: {error})",
+    "cannot_write_file": "Nedá sa zapísať do súboru {file} (príčina: {error})",
+    "unknown_error_reading_file": "Vyskytla sa neznáma chyba pri čítaní súboru {file} (príčina: {error})",
+    "corrupted_json": "Nepodarilo sa načítať JSON {ressource} (príčina: {error})",
+    "corrupted_yaml": "Nepodarilo sa načítať YAML z {ressource} (príčina: {error})",
+    "corrupted_toml": "Nepodarilo sa načítať TOML z {ressource} (príčina: {error})",
+    "error_writing_file": "Chyba pri zápise do súboru {file}: {error}",
+    "error_removing": "Chyba pri odstraňovaní {path}: {error}",
+    "error_changing_file_permissions": "Chyba pri nastavovaní oprávnení pre {path}: {error}",
+    "invalid_url": "Nepodarilo sa pripojiť k {url}… možno je služba vypnutá alebo nemáte fungujúce pripojenie k internetu prostredníctvom IPv4/IPv6.",
+    "download_ssl_error": "SSL chyba počas spojenia s {url}",
+    "download_timeout": "{url} príliš dlho neodpovedá, vzdávam to.",
+    "download_unknown_error": "Chyba pri sťahovaní dát z {url}: {error}",
+    "download_bad_status_code": "{url} vrátil stavový kód {code}",
+    "warn_the_user_about_waiting_lock": "Práve prebieha iná operácia YunoHost, pred spustením čakáme na jej dokončenie",
+    "warn_the_user_about_waiting_lock_again": "Stále čakáme…",
+    "warn_the_user_that_lock_is_acquired": "Predchádzajúca operácia bola dokončená, teraz spúšťame túto"
+}

locales/sl.json

@@ -0,0 +1 @@
+{}

locales/sv.json

@@ -0,0 +1,46 @@
+{
+    "warn_the_user_about_waiting_lock_again": "Väntar fortfarande…",
+    "download_bad_status_code": "{url} svarade med statuskod {code}",
+    "download_timeout": "Gav upp eftersom {url} tog för lång tid på sig att svara.",
+    "download_ssl_error": "Ett SSL-fel påträffades vid anslutning till {url}",
+    "cannot_write_file": "Kunde inte skriva till filen {file} (orsak: {error})",
+    "cannot_open_file": "Kunde inte öppna filen {file} (orsak: {error})",
+    "websocket_request_expected": "Förväntade en WebSocket-förfrågan",
+    "warning": "Varning:",
+    "values_mismatch": "Värdena stämmer inte överens",
+    "unknown_user": "Okänd användare '{user}'",
+    "unknown_group": "Okänd grupp '{group}'",
+    "success": "Lyckades!",
+    "server_already_running": "En server använder redan den porten",
+    "root_required": "Du måste vara inloggad som root för att utföra den här åtgärden",
+    "pattern_not_match": "Stämmer inte in på mönstret",
+    "operation_interrupted": "Behandling avbruten",
+    "not_logged_in": "Du är inte inloggad",
+    "logged_in": "Inloggad",
+    "invalid_argument": "Ogiltig parameter '{argument}': {error}",
+    "logged_out": "Utloggad",
+    "info": "Info:",
+    "folder_exists": "Katalogen finns redan: '{path}'",
+    "file_not_exist": "Filen finns inte: '{path}'",
+    "error": "Fel:",
+    "deprecated_command_alias": "'{prog} {old}' rekommenderas inte längre och kommer tas bort i framtiden, använd '{prog} {new}' istället",
+    "deprecated_command": "'{prog} {command}' rekommenderas inte längre och kommer tas bort i framtiden",
+    "confirm": "Bekräfta {prompt}",
+    "argument_required": "Parametern '{argument}' krävs",
+    "password": "Lösenord",
+    "warn_the_user_that_lock_is_acquired": "det andra kommandot har bara slutförts, nu startar du det här kommandot",
+    "warn_the_user_about_waiting_lock": "Ett annat YunoHost-kommando körs just nu, vi väntar på att det ska slutföras innan det här körs",
+    "download_unknown_error": "Fel vid nedladdning av data från {url}: {error}",
+    "invalid_url": "Ogiltig url {url} (finns den här webbplatsen?)",
+    "error_changing_file_permissions": "Fel vid ändring av behörigheter för {path}: {error}",
+    "error_removing": "Fel vid borttagning av {path}: {error}",
+    "error_writing_file": "Fel vid skrivning av fil {file}: {error}",
+    "corrupted_toml": "Korrupt toml läst från {ressource} (anledning: {error})",
+    "corrupted_yaml": "Skadad yaml läst från {ressource} (anledning: {error})",
+    "corrupted_json": "Skadad json läst från {ressource} (anledning: {error})",
+    "unknown_error_reading_file": "Okänt fel vid försök att läsa filen {file} (anledning: {error})",
+    "unable_authenticate": "Det går inte att verifiera",
+    "invalid_usage": "Ogiltig användning, pass --help för att se hjälp",
+    "instance_already_running": "Det finns redan en YunoHost-operation. Vänta tills den är klar innan du kör en annan.",
+    "authentication_required": "Autentisering krävs"
+}

locales/te.json

@@ -0,0 +1 @@
+{}

locales/tr.json

@@ -0,0 +1,47 @@
+{
+    "argument_required": "{argument} argümanı gerekli",
+    "authentication_required": "Yetklendirme gerekli",
+    "confirm": "{prompt}'i doğrulayın",
+    "error": "Hata:",
+    "instance_already_running": "Halihazırda bir YunoHost operasyonu var. Lütfen başka bir tane çalıştırmadan önce bitmesini bekleyin.",
+    "invalid_argument": "Geçersiz argüman '{argument}': {error}",
+    "logged_in": "Giriş yapıldı",
+    "logged_out": "Çıkış yapıldı",
+    "not_logged_in": "Giriş yapmadınız",
+    "operation_interrupted": "İşlem yarıda kesildi",
+    "password": "Parola",
+    "pattern_not_match": "İstenen biçimle uyuşmuyor",
+    "root_required": "Bu işlemi yapmak için root olmalısınız",
+    "server_already_running": "Bu portta zaten çalışan bir sunucu var",
+    "success": "İşlem Başarılı!",
+    "unable_authenticate": "Yetkilendirme başarısız",
+    "values_mismatch": "Değerler uyuşmuyor",
+    "warning": "Uyarı:",
+    "websocket_request_expected": "WebSocket isteği gerekli",
+    "warn_the_user_that_lock_is_acquired": "Diğer komut şimdi tamamlandı, şimdi bu komutu başlatıyor",
+    "warn_the_user_about_waiting_lock_again": "Hala bekliyor…",
+    "warn_the_user_about_waiting_lock": "Başka bir YunoHost komutu şu anda çalışıyor, bunu çalıştırmadan önce bitmesini bekliyoruz",
+    "download_bad_status_code": "{url} döndürülen durum kodu {code}",
+    "download_unknown_error": "{url} adresinden veri indirilirken hata oluştu: {error}",
+    "download_timeout": "{url} yanıtlaması çok uzun sürdü, pes etti.",
+    "download_ssl_error": "{url} ağına bağlanırken SSL hatası",
+    "invalid_url": "{url} bağlanılamadı… URL çalışmıyor olabilir veya IPv4/IPv6 internete düzgün bir şekilde bağlı değilsiniz.",
+    "error_changing_file_permissions": "{path} için izinler değiştirilirken hata oluştu: {error}",
+    "error_removing": "{path} kaldırılırken hata oluştu: {error}",
+    "error_writing_file": "{file} dosyası yazılırken hata oluştu: {error}",
+    "corrupted_toml": "{ressource} kaynağından okunan bozuk TOML(nedeni: {error})",
+    "corrupted_yaml": "{ressource} kaynağından bozuk YAML okunuyor (neden: {error})",
+    "corrupted_json": "{ressource} adresinden okunan bozuk json (neden: {error})",
+    "unknown_error_reading_file": "{file} dosyasını okumaya çalışırken bilinmeyen hata (nedeni: {error})",
+    "cannot_write_file": "{file} dosyası yazılamadı (nedeni: {error})",
+    "cannot_open_file": "{file} dosyası açılamadı (nedeni: {error})",
+    "unknown_user": "Bilinmeyen '{user}' kullanıcı",
+    "unknown_group": "Bilinmeyen '{group}' grubu",
+    "invalid_usage": "Geçersiz kullanım, yardım görmek için --help iletin",
+    "info": "Bilgi:",
+    "folder_exists": "Klasör zaten var: '{path}'",
+    "file_not_exist": "Dosya mevcut değil: '{path}'",
+    "deprecated_command_alias": "'{prog} {old}' kullanımdan kaldırıldı ve gelecekte kaldırılacak, bunun yerine '{prog} {new}' kullanın",
+    "deprecated_command": "'{prog} {command}' kullanımdan kaldırıldı ve gelecekte kaldırılacak",
+    "edit_text_question": "{}. Bu metni düzenle ? [yN]: "
+}

locales/uk.json

@@ -0,0 +1,47 @@
+{
+    "password": "Пароль",
+    "logged_out": "Ви вийшли з системи",
+    "invalid_url": "Помилка з'єднання із {url}… можливо, служба не працює, або ви неправильно під'єднані до Інтернету в IPv4/IPv6.",
+    "warn_the_user_that_lock_is_acquired": "Інша команда щойно завершилася, тепер запускаємо цю команду",
+    "warn_the_user_about_waiting_lock_again": "Досі очікуємо…",
+    "warn_the_user_about_waiting_lock": "Зараз запускається ще одна команда YunoHost, ми чекаємо її завершення, перш ніж запустити цю",
+    "download_bad_status_code": "{url} повернув код стану {code}",
+    "download_unknown_error": "Помилка під час завантаження даних з {url}: {error}",
+    "download_timeout": "Перевищено час очікування відповіді від {url}.",
+    "download_ssl_error": "Помилка SSL під час з'єднання з {url}",
+    "error_changing_file_permissions": "Помилка під час зміни дозволів для {path}: {error}",
+    "error_removing": "Помилка під час видалення {path}: {error}",
+    "error_writing_file": "Помилка під час запису файлу {file}: {error}",
+    "corrupted_toml": "Пошкоджений TOML, зчитаний з {ressource} (причина: {error})",
+    "corrupted_yaml": "Пошкоджений YAML, зчитаний з {ressource} (причина: {error})",
+    "corrupted_json": "Пошкоджений JSON, зчитаний з {ressource} (причина: {error})",
+    "unknown_error_reading_file": "Невідома помилка під час спроби прочитати файл {file} (причина: {error})",
+    "cannot_write_file": "Не можу записати файл {file} (причина: {error})",
+    "cannot_open_file": "Не можу відкрити файл {file} (причина: {error})",
+    "websocket_request_expected": "Очікується запит WebSocket",
+    "warning": "Попередження:",
+    "values_mismatch": "Неприпустимі значення",
+    "unknown_user": "Невідомий користувач '{user}'",
+    "unknown_group": "Невідома група '{group}'",
+    "unable_authenticate": "Автентифікація неможлива",
+    "success": "Успішно!",
+    "server_already_running": "Сервер вже запущений на цьому порті",
+    "root_required": "Щоб виконати цю дію, ви повинні мати кореневі права (root)",
+    "pattern_not_match": "Не відповідає зразку",
+    "operation_interrupted": "Операцію перервано",
+    "not_logged_in": "Ви не увійшли в систему",
+    "logged_in": "Ви увійшли в систему",
+    "invalid_usage": "Неправильне використання, передайте --help для перегляду довідки",
+    "invalid_argument": "Неправильний аргумент '{argument}': {error}",
+    "instance_already_running": "Операція YunoHost вже запущена. Будь ласка, зачекайте, поки вона закінчиться, перш ніж запускати іншу.",
+    "info": "Відомості:",
+    "folder_exists": "Каталог вже існує: '{path}'",
+    "file_not_exist": "Файл не існує: '{path}'",
+    "error": "Помилка:",
+    "deprecated_command_alias": "'{prog} {old}' застаріла і буде видалена, замість неї використовуйте '{prog} {new}'",
+    "deprecated_command": "'{prog} {command}' застаріла і буде видалена",
+    "confirm": "Підтвердити {prompt}",
+    "authentication_required": "Потрібна автентифікація",
+    "argument_required": "Потрібен аргумент '{argument}'",
+    "edit_text_question": "{}. Редагувати цей текст? [yN]: "
+}

maintenance/make_changelog.sh

@@ -0,0 +1,37 @@
+VERSION="11.2.1"
+RELEASE="stable"
+REPO=$(basename $(git rev-parse --show-toplevel))
+REPO_URL=$(git remote get-url origin)
+ME=$(git config --get user.name)
+EMAIL=$(git config --get user.email)
+
+LAST_RELEASE=$(git tag --list 'debian/11.*'  --sort="v:refname" | tail -n 1)
+
+echo "$REPO ($VERSION) $RELEASE; urgency=low"
+echo ""
+
+git log $LAST_RELEASE.. -n 10000 --first-parent --pretty=tformat:'  - %b%s (%h)' \
+| sed -E "s&Merge .*#([0-9]+).*\$& \([#\1]\(http://github.com/YunoHost/$REPO/pull/\1\)\)&g" \
+| sed -E "/Co-authored-by: .* <.*>/d" \
+| grep -v "Translations update from Weblate" \
+| tac
+
+TRANSLATIONS=$(git log $LAST_RELEASE... -n 10000 --pretty=format:"%s"  \
+               | grep "Translated using Weblate" \
+               | sed -E "s/Translated using Weblate \((.*)\)/\1/g"  \
+               | sort | uniq | tr '\n' ', ' | sed -e 's/,$//g' -e 's/,/, /g')
+[[ -z "$TRANSLATIONS" ]] || echo "  - [i18n] Translations updated for $TRANSLATIONS"
+
+echo ""
+CONTRIBUTORS=$(git log -n10 --pretty=format:'%Cred%h%Creset %C(bold blue)(%an) %Creset%Cgreen(%cr)%Creset - %s %C(yellow)%d%Creset' --abbrev-commit $LAST_RELEASE... -n 10000 --pretty=format:"%an" \
+               | sort | uniq  | grep -v "$ME" | grep -v 'yunohost-bot' | grep -vi 'weblate' \
+               | tr '\n' ', ' | sed -e 's/,$//g' -e 's/,/, /g')
+[[ -z "$CONTRIBUTORS" ]] || echo "  Thanks to all contributors <3 ! ($CONTRIBUTORS)"
+echo ""
+echo " -- $ME <$EMAIL>  $(date -R)"
+echo ""
+
+
+
+# PR links can be converted to regular texts using : sed -E 's@\[(#[0-9]*)\]\([^ )]*\)@\1@g'
+# Or readded with sed -E 's@#([0-9]*)@[YunoHost#\1](https://github.com/yunohost/yunohost/pull/\1)@g' | sed -E 's@\((\w+)\)@([YunoHost/\1](https://github.com/yunohost/yunohost/commit/\1))@g'

moulinette/__init__.py

@@ -1,13 +1,13 @@
 # -*- coding: utf-8 -*-
 
-__title__ = 'moulinette'
-__version__ = '0.1'
-__author__ = ['Kload',
-              'jlebleu',
-              'titoko',
-              'beudbeud',
-              'npze']
-__license__ = 'AGPL 3.0'
+from moulinette.core import (
+    MoulinetteError,
+    Moulinette18n,
+)
+
+__title__ = "moulinette"
+__author__ = ["Yunohost Contributors"]
+__license__ = "AGPL 3.0"
 __credits__ = """
     Copyright (C) 2014 YUNOHOST.ORG
 
@@ -24,91 +24,97 @@ __credits__ = """
     You should have received a copy of the GNU Affero General Public License
     along with this program; if not, see http://www.gnu.org/licenses
     """
-__all__ = [
-    'init', 'api', 'cli',
-    'init_interface', 'MoulinetteError',
-]
-
-from moulinette.core import init_interface, MoulinetteError
+__all__ = ["init", "api", "cli", "m18n", "MoulinetteError", "Moulinette"]
 
 
-## Package functions
-
-def init(**kwargs):
-    """Package initialization
-
-    Initialize directories and global variables. It must be called
-    before any of package method is used - even the easy access
-    functions.
-
-    Keyword arguments:
-        - **kwargs -- See core.Package
-
-    At the end, the global variable 'pkg' will contain a Package
-    instance. See core.Package for available methods and variables.
-
-    """
-    import sys
-    import __builtin__
-    from moulinette.core import (
-        Package, Moulinette18n, MoulinetteSignals
-    )
-    __builtin__.__dict__['pkg'] = Package(**kwargs)
-    __builtin__.__dict__['m18n'] = Moulinette18n(pkg)
-    __builtin__.__dict__['msignals'] = MoulinetteSignals()
-    __builtin__.__dict__['msettings'] = dict()
-
-    # Add library directory to python path
-    sys.path.insert(0, pkg.libdir)
+m18n = Moulinette18n()
 
 
-## Easy access to interfaces
+class classproperty:
+    def __init__(self, f):
+        self.f = f
 
-def api(namespaces, host='localhost', port=80, routes={},
-        use_websocket=True, use_cache=True):
+    def __get__(self, obj, owner):
+        return self.f(owner)
+
+
+class Moulinette:
+    _interface = None
+
+    def prompt(*args, **kwargs):
+        return Moulinette.interface.prompt(*args, **kwargs)
+
+    def display(*args, **kwargs):
+        return Moulinette.interface.display(*args, **kwargs)
+
+    @classproperty
+    def interface(cls):
+        return cls._interface
+
+
+# Easy access to interfaces
+def api(host="localhost", port=80, routes={}, actionsmap=None, locales_dir=None):
     """Web server (API) interface
 
     Run a HTTP server with the moulinette for an API usage.
 
     Keyword arguments:
-        - namespaces -- The list of namespaces to use
         - host -- Server address to bind to
         - port -- Server port to bind to
         - routes -- A dict of additional routes to add in the form of
             {(method, uri): callback}
-        - use_websocket -- Serve via WSGI to handle asynchronous responses
-        - use_cache -- False if it should parse the actions map file
-            instead of using the cached one
 
     """
-    moulinette = init_interface('api',
-                                kwargs={'routes': routes},
-                                actionsmap={'namespaces': namespaces,
-                                            'use_cache': use_cache})
-    moulinette.run(host, port, use_websocket)
+    from moulinette.interfaces.api import Interface as Api
 
-def cli(namespaces, args, print_json=False, use_cache=True):
+    m18n.set_locales_dir(locales_dir)
+
+    try:
+        Api(
+            routes=routes,
+            actionsmap=actionsmap,
+        ).run(host, port)
+    except MoulinetteError as e:
+        import logging
+
+        logging.getLogger("moulinette").error(e.strerror)
+        return 1
+    except KeyboardInterrupt:
+        import logging
+
+        logging.getLogger("moulinette").info(m18n.g("operation_interrupted"))
+    return 0
+
+
+def cli(
+    args, top_parser, output_as=None, timeout=None, actionsmap=None, locales_dir=None
+):
     """Command line interface
 
     Execute an action with the moulinette from the CLI and print its
     result in a readable format.
 
     Keyword arguments:
-        - namespaces -- The list of namespaces to use
         - args -- A list of argument strings
-        - print_json -- True to print result as a JSON encoded string
-        - use_cache -- False if it should parse the actions map file
-            instead of using the cached one
+        - output_as -- Output result in another format, see
+            moulinette.interfaces.cli.Interface for possible values
+        - top_parser -- The top parser used to build the ActionsMapParser
 
     """
-    from moulinette.interfaces.cli import colorize
+    from moulinette.interfaces.cli import Interface as Cli
+
+    m18n.set_locales_dir(locales_dir)
 
     try:
-        moulinette = init_interface('cli',
-                                    actionsmap={'namespaces': namespaces,
-                                                'use_cache': use_cache})
-        moulinette.run(args, print_json)
+        load_only_category = args[0] if args and not args[0].startswith("-") else None
+        Cli(
+            top_parser=top_parser,
+            load_only_category=load_only_category,
+            actionsmap=actionsmap,
+        ).run(args, output_as=output_as, timeout=timeout)
     except MoulinetteError as e:
-        print('%s %s' % (colorize(m18n.g('error'), 'red'), e.strerror))
-        return e.errno
+        import logging
+
+        logging.getLogger("moulinette").error(e.strerror)
+        return 1
     return 0

moulinette/actionsmap.py

@@ -2,23 +2,35 @@
 
 import os
 import re
-import errno
 import logging
-import yaml
-import cPickle as pickle
+import glob
+import pickle as pickle
+
+from typing import List, Optional
+from time import time
 from collections import OrderedDict
+from importlib import import_module
+from functools import cache
 
-from moulinette.core import (MoulinetteError, MoulinetteLock)
+from moulinette import m18n, Moulinette
+from moulinette.core import (
+    MoulinetteError,
+    MoulinetteLock,
+    MoulinetteValidationError,
+)
 from moulinette.interfaces import BaseActionsMapParser
+from moulinette.utils.log import start_action_logging
+from moulinette.utils.filesystem import read_yaml
 
-GLOBAL_ARGUMENT = '_global'
+logger = logging.getLogger("moulinette.actionsmap")
 
 
-## Extra parameters ----------------------------------------------------
+# Extra parameters ----------------------------------------------------
 
 # Extra parameters definition
 
-class _ExtraParameter(object):
+
+class _ExtraParameter:
     """
     Argument parser for an extra parameter.
 
@@ -26,26 +38,16 @@ class _ExtraParameter(object):
     implement.
 
     """
+
+    name: Optional[str] = None
+
+    """A list of interface for which the parameter doesn't apply to"""
+    skipped_iface: List[str] = []
+
     def __init__(self, iface):
-        # TODO: Add conn argument which contains authentification object
         self.iface = iface
 
-
-    ## Required variables
-    # Each extra parameters classes must overwrite these variables.
-
-    """The extra parameter name"""
-    name = None
-
-
-    ## Optional variables
-    # Each extra parameters classes can overwrite these variables.
-
-    """A list of interface for which the parameter doesn't apply"""
-    skipped_iface = []
-
-
-    ## Virtual methods
+    # Virtual methods
     # Each extra parameters classes can implement these methods.
 
     def __call__(self, parameter, arg_name, arg_value):
@@ -78,6 +80,32 @@ class _ExtraParameter(object):
         """
         return value
 
+
+class CommentParameter(_ExtraParameter):
+    name = "comment"
+    skipped_iface = ["api"]
+
+    def __call__(self, message, arg_name, arg_value):
+        if arg_value is None:
+            return
+        return Moulinette.display(m18n.n(message))
+
+    @classmethod
+    def validate(klass, value, arg_name):
+        # Deprecated boolean or empty string
+        if isinstance(value, bool) or (isinstance(value, str) and not value):
+            logger.warning(
+                "expecting a non-empty string for extra parameter '%s' of "
+                "argument '%s'",
+                klass.name,
+                arg_name,
+            )
+            value = arg_name
+        elif not isinstance(value, str):
+            raise TypeError("parameter value must be a string, got %r" % value)
+        return value
+
+
 class AskParameter(_ExtraParameter):
     """
     Ask for the argument value if possible and needed.
@@ -86,32 +114,36 @@ class AskParameter(_ExtraParameter):
     when asking the argument value.
 
     """
-    name = 'ask'
-    skipped_iface = [ 'api' ]
+
+    name = "ask"
+    skipped_iface = ["api"]
 
     def __call__(self, message, arg_name, arg_value):
-        # TODO: Fix asked arguments ordering
         if arg_value:
             return arg_value
 
         try:
             # Ask for the argument value
-            return msignals.prompt(m18n.n(message))
+            return Moulinette.prompt(m18n.n(message))
         except NotImplementedError:
             return arg_value
 
     @classmethod
     def validate(klass, value, arg_name):
-        # Allow boolean or empty string
+        # Deprecated boolean or empty string
         if isinstance(value, bool) or (isinstance(value, str) and not value):
-            logging.debug("value of '%s' extra parameter for '%s' argument should be a string" \
-                % (klass.name, arg_name))
+            logger.warning(
+                "expecting a non-empty string for extra parameter '%s' of "
+                "argument '%s'",
+                klass.name,
+                arg_name,
+            )
             value = arg_name
         elif not isinstance(value, str):
-            raise TypeError("Invalid type of '%s' extra parameter for '%s' argument" \
-                % (klass.name, arg_name))
+            raise TypeError("parameter value must be a string, got %r" % value)
         return value
 
+
 class PasswordParameter(AskParameter):
     """
     Ask for the password argument value if possible and needed.
@@ -120,7 +152,8 @@ class PasswordParameter(AskParameter):
     when asking the password.
 
     """
-    name = 'password'
+
+    name = "password"
 
     def __call__(self, message, arg_name, arg_value):
         if arg_value:
@@ -128,10 +161,11 @@ class PasswordParameter(AskParameter):
 
         try:
             # Ask for the password
-            return msignals.prompt(m18n.n(message), True, True)
+            return Moulinette.prompt(m18n.n(message), True, True)
         except NotImplementedError:
             return arg_value
 
+
 class PatternParameter(_ExtraParameter):
     """
     Check if the argument value match a pattern.
@@ -140,32 +174,50 @@ class PatternParameter(_ExtraParameter):
     the message to display if it doesn't match.
 
     """
-    name = 'pattern'
+
+    name = "pattern"
 
     def __call__(self, arguments, arg_name, arg_value):
         pattern, message = (arguments[0], arguments[1])
 
         # Use temporarly utf-8 encoded value
         try:
-            v = unicode(arg_value, 'utf-8')
-        except:
+            v = str(arg_value, "utf-8")
+        except Exception:
             v = arg_value
 
-        if v and not re.match(pattern, v or '', re.UNICODE):
-            raise MoulinetteError(errno.EINVAL, m18n.g('invalid_argument',
-                                        arg_name, m18n.n(message)))
+        if v and not re.match(pattern, v or "", re.UNICODE):
+            logger.warning(
+                "argument value '%s' for '%s' doesn't match pattern '%s'",
+                v,
+                arg_name,
+                pattern,
+            )
+
+            # Attempt to retrieve message translation
+            msg = m18n.n(message)
+            if msg == message:
+                msg = m18n.g(message)
+
+            raise MoulinetteValidationError(
+                "invalid_argument", argument=arg_name, error=msg
+            )
         return arg_value
 
     @staticmethod
     def validate(value, arg_name):
-        # Tolerate string type
+        # Deprecated string type
         if isinstance(value, str):
-            logging.warning("value of 'pattern' extra parameter for '%s' argument should be a list" % arg_name)
-            value = [value, _("'%s' argument is not matching the pattern") % arg_name]
+            logger.warning(
+                "expecting a list as extra parameter 'pattern' of " "argument '%s'",
+                arg_name,
+            )
+            value = [value, "pattern_not_match"]  # i18n: pattern_not_match
         elif not isinstance(value, list) or len(value) != 2:
-            raise TypeError("Invalid type of 'pattern' extra parameter for '%s' argument" % arg_name)
+            raise TypeError("parameter value must be a list, got %r" % value)
         return value
 
+
 class RequiredParameter(_ExtraParameter):
     """
     Check if a required argument is defined or not.
@@ -173,31 +225,39 @@ class RequiredParameter(_ExtraParameter):
     The value of this parameter must be a boolean which is set to False by
     default.
     """
-    name = 'required'
+
+    name = "required"
 
     def __call__(self, required, arg_name, arg_value):
-        if required and (arg_value is None or arg_value == ''):
-            raise MoulinetteError(errno.EINVAL, m18n.g('argument_required',
-                                                       arg_name))
+        if required and (arg_value is None or arg_value == ""):
+            logger.warning("argument '%s' is required", arg_name)
+            raise MoulinetteValidationError("argument_required", argument=arg_name)
         return arg_value
 
     @staticmethod
     def validate(value, arg_name):
         if not isinstance(value, bool):
-            raise TypeError("Invalid type of 'required' extra parameter for '%s' argument" % arg_name)
+            raise TypeError("parameter value must be a boolean, got %r" % value)
         return value
 
+
 """
 The list of available extra parameters classes. It will keep to this list
 order on argument parsing.
 
 """
-extraparameters_list = [ AskParameter, PasswordParameter, RequiredParameter,
-                         PatternParameter ]
+extraparameters_list = [
+    CommentParameter,
+    AskParameter,
+    PasswordParameter,
+    RequiredParameter,
+    PatternParameter,
+]
 
 # Extra parameters argument Parser
 
-class ExtraArgumentParser(object):
+
+class ExtraArgumentParser:
     """
     Argument validator and parser for the extra parameters.
 
@@ -205,10 +265,11 @@ class ExtraArgumentParser(object):
         - iface -- The running interface
 
     """
+
     def __init__(self, iface):
         self.iface = iface
         self.extra = OrderedDict()
-        self._extra_params = { GLOBAL_ARGUMENT: {} }
+        self._extra_params = {"_global": {}}
 
         # Append available extra parameters for the current interface
         for klass in extraparameters_list:
@@ -226,14 +287,22 @@ class ExtraArgumentParser(object):
 
         """
         # Iterate over parameters to validate
-        for p, v in parameters.items():
+        for p in list(parameters):
             klass = self.extra.get(p, None)
             if not klass:
                 # Remove unknown parameters
                 del parameters[p]
             else:
-                # Validate parameter value
-                parameters[p] = klass.validate(v, arg_name)
+                try:
+                    # Validate parameter value
+                    parameters[p] = klass.validate(parameters[p], arg_name)
+                except Exception as e:
+                    error_message = (
+                        "unable to validate extra parameter '%s' for argument '%s': %s"
+                        % (p, arg_name, e)
+                    )
+                    logger.error(error_message)
+                    raise MoulinetteError(error_message, raw_msg=True)
 
         return parameters
 
@@ -242,7 +311,7 @@ class ExtraArgumentParser(object):
         Add extra parameters to apply on an action argument
 
         Keyword arguments:
-            - tid -- The tuple identifier of the action or GLOBAL_ARGUMENT
+            - tid -- The tuple identifier of the action or _global
                 for global extra parameters
             - arg_name -- The argument name
             - parameters -- A dict of extra parameters with their values
@@ -254,7 +323,7 @@ class ExtraArgumentParser(object):
         try:
             self._extra_params[tid][arg_name] = parameters
         except KeyError:
-            self._extra_params[tid] = { arg_name: parameters }
+            self._extra_params[tid] = OrderedDict({arg_name: parameters})
 
     def parse_args(self, tid, args):
         """
@@ -265,7 +334,7 @@ class ExtraArgumentParser(object):
             - args -- A dict of argument name associated to their value
 
         """
-        extra_args = dict(self._extra_params.get(GLOBAL_ARGUMENT, {}))
+        extra_args = OrderedDict(self._extra_params.get("_global", {}))
         extra_args.update(self._extra_params.get(tid, {}))
 
         # Iterate over action arguments with extra parameters
@@ -296,9 +365,10 @@ class ExtraArgumentParser(object):
         return args
 
 
-## Main class ----------------------------------------------------------
+# Main class ----------------------------------------------------------
 
-class ActionsMap(object):
+
+class ActionsMap:
     """Validate and process actions defined into an actions map
 
     The actions map defines the features - and their usage - of an
@@ -306,82 +376,114 @@ class ActionsMap(object):
     It is composed by categories which contain one or more action(s).
     Moreover, the action can have specific argument(s).
 
-    This class allows to manipulate one or several actions maps
-    associated to a namespace. If no namespace is given, it will load
-    all available namespaces.
-
     Keyword arguments:
-        - parser -- The BaseActionsMapParser derived class to use for
-            parsing the actions map
-        - namespaces -- The list of namespaces to use
-        - use_cache -- False if it should parse the actions map file
-            instead of using the cached one.
-
+        - top_parser -- A BaseActionsMapParser-derived instance to use for
+                        parsing the actions map
+        - load_only_category -- A name of a category that should only be the
+                        one loaded because it's been already determined
+                        that's the only one relevant ... used for optimization
+                        purposes...
     """
-    def __init__(self, parser, namespaces=[], use_cache=True):
-        self.use_cache = use_cache
-        if not issubclass(parser, BaseActionsMapParser):
-            raise ValueError("Invalid parser class '%s'" % parser.__name__)
-        self._parser_class = parser
 
-        logging.debug("initializing ActionsMap for the interface '%s'" % parser.interface)
+    def __init__(self, actionsmap_yml, top_parser, load_only_category=None):
+        assert isinstance(top_parser, BaseActionsMapParser), (
+            "Invalid parser class '%s'" % top_parser.__class__.__name__
+        )
 
-        if len(namespaces) == 0:
-            namespaces = self.get_namespaces()
-        actionsmaps = OrderedDict()
+        self.from_cache = False
 
-        # Iterate over actions map namespaces
-        for n in namespaces:
-            logging.debug("loading '%s' actions map namespace" % n)
+        logger.debug("loading actions map")
 
-            if use_cache:
-                try:
-                    # Attempt to load cache
-                    with open('%s/actionsmap/%s.pkl' % (pkg.cachedir, n)) as f:
-                        actionsmaps[n] = pickle.load(f)
-                # TODO: Switch to python3 and catch proper exception
-                except IOError:
-                    self.use_cache = False
-                    actionsmaps = self.generate_cache(namespaces)
-                    break
-            else:
-                with open('%s/actionsmap/%s.yml' % (pkg.datadir, n)) as f:
-                    actionsmaps[n] = yaml.load(f)
+        actionsmap_yml_dir = os.path.dirname(actionsmap_yml)
+        actionsmap_yml_file = os.path.basename(actionsmap_yml)
+        actionsmap_yml_stat = os.stat(actionsmap_yml)
 
-            # Load translations
-            # FIXME: Allow several namespaces in m18n
-            m18n.load_namespace(n)
+        actionsmap_pkl = f"{actionsmap_yml_dir}/.{actionsmap_yml_file}.{actionsmap_yml_stat.st_size}-{actionsmap_yml_stat.st_mtime}.pkl"
+
+        def generate_cache():
+            logger.debug("generating cache for actions map")
+
+            # Read actions map from yaml file
+            actionsmap = read_yaml(actionsmap_yml)
+
+            if not actionsmap["_global"].get("cache", True):
+                return actionsmap
+
+            # Delete old cache files
+            for old_cache in glob.glob(
+                f"{actionsmap_yml_dir}/.{actionsmap_yml_file}.*.pkl"
+            ):
+                os.remove(old_cache)
+
+            # at installation, cachedir might not exists
+            dir_ = os.path.dirname(actionsmap_pkl)
+            if not os.path.isdir(dir_):
+                os.makedirs(dir_)
+
+            # Cache actions map into pickle file
+            with open(actionsmap_pkl, "wb") as f:
+                pickle.dump(actionsmap, f)
+
+            return actionsmap
+
+        if os.path.exists(actionsmap_pkl):
+            try:
+                # Attempt to load cache
+                with open(actionsmap_pkl, "rb") as f:
+                    actionsmap = pickle.load(f)
+
+                self.from_cache = True
+            # TODO: Switch to python3 and catch proper exception
+            except (IOError, EOFError):
+                actionsmap = generate_cache()
+        else:  # cache file doesn't exists
+            actionsmap = generate_cache()
+
+        # If load_only_category is set, and *if* the target category
+        # is in the actionsmap, we'll load only that one.
+        # If we filter it even if it doesn't exist, we'll end up with a
+        # weird help message when we do a typo in the category name..
+        if load_only_category and load_only_category in actionsmap:
+            actionsmap = {
+                k: v
+                for k, v in actionsmap.items()
+                if k in [load_only_category, "_global"]
+            }
 
         # Generate parsers
-        self.extraparser = ExtraArgumentParser(parser.interface)
-        self._parser = self._construct_parser(actionsmaps)
+        self.extraparser = ExtraArgumentParser(top_parser.interface)
+        self.parser = self._construct_parser(actionsmap, top_parser)
 
-    @property
-    def parser(self):
-        """Return the instance of the interface's actions map parser"""
-        return self._parser
+    @cache
+    def get_authenticator(self, auth_method):
+        if auth_method == "default":
+            auth_method = self.default_authentication
 
-    def get_authenticator(self, profile='default'):
-        """Get an authenticator instance
-
-        Retrieve the authenticator for the given profile and return a
-        new instance.
-
-        Keyword arguments:
-            - profile -- An authenticator profile name
-
-        Returns:
-            A new _BaseAuthenticator derived instance
-
-        """
+        # Load and initialize the authenticator module
+        auth_module = f"{self.namespace}.authenticators.{auth_method}"
+        logger.debug(f"Loading auth module {auth_module}")
         try:
-            auth = self.parser.get_global_conf('authenticator', profile)[1]
-        except KeyError:
-            raise ValueError("Unknown authenticator profile '%s'" % profile)
-        else:
-            return auth()
+            mod = import_module(auth_module)
+        except ImportError as e:
+            import traceback
 
-    def process(self, args, timeout=0, **kwargs):
+            traceback.print_exc()
+            raise MoulinetteError(
+                f"unable to load authenticator {auth_module} : {e}", raw_msg=True
+            )
+        else:
+            return mod.Authenticator()
+
+    def check_authentication_if_required(self, *args, **kwargs):
+        auth_method = self.parser.auth_method(*args, **kwargs)
+
+        if auth_method is None:
+            return
+
+        authenticator = self.get_authenticator(auth_method)
+        Moulinette.interface.authenticate(authenticator)
+
+    def process(self, args, timeout=None, **kwargs):
         """
         Parse arguments and process the proper action
 
@@ -392,179 +494,222 @@ class ActionsMap(object):
             - **kwargs -- Additional interface arguments
 
         """
+
+        # Perform authentication if needed
+        self.check_authentication_if_required(args, **kwargs)
+
         # Parse arguments
         arguments = vars(self.parser.parse_args(args, **kwargs))
 
         # Retrieve tid and parse arguments with extra parameters
-        tid = arguments.pop('_tid')
+        tid = arguments.pop("_tid")
         arguments = self.extraparser.parse_args(tid, arguments)
 
+        want_to_take_lock = self.parser.want_to_take_lock(args, **kwargs)
+
         # Retrieve action information
-        namespace, category, action = tid
-        func_name = '%s_%s' % (category, action.replace('-', '_'))
+        if len(tid) == 4:
+            namespace, category, subcategory, action = tid
+            func_name = "{}_{}_{}".format(
+                category,
+                subcategory.replace("-", "_"),
+                action.replace("-", "_"),
+            )
+            full_action_name = "{}.{}.{}.{}".format(
+                namespace,
+                category,
+                subcategory,
+                action,
+            )
+        else:
+            assert len(tid) == 3
+            namespace, category, action = tid
+            subcategory = None
+            func_name = "{}_{}".format(category, action.replace("-", "_"))
+            full_action_name = "{}.{}.{}".format(namespace, category, action)
 
         # Lock the moulinette for the namespace
-        with MoulinetteLock(namespace, timeout):
+        with MoulinetteLock(namespace, timeout, self.enable_lock and want_to_take_lock):
+            start = time()
             try:
-                mod = __import__('%s.%s' % (namespace, category),
-                                 globals=globals(), level=0,
-                                 fromlist=[func_name])
+                mod = __import__(
+                    "{}.{}".format(namespace, category),
+                    globals=globals(),
+                    level=0,
+                    fromlist=[func_name],
+                )
+                logger.debug(
+                    "loading python module %s took %.3fs",
+                    "{}.{}".format(namespace, category),
+                    time() - start,
+                )
                 func = getattr(mod, func_name)
-            except (AttributeError, ImportError):
-                raise ImportError("Unable to load function %s.%s/%s"
-                        % (namespace, category, func_name))
+            except (AttributeError, ImportError) as e:
+                import traceback
+
+                traceback.print_exc()
+                error_message = "unable to load function {}.{} because: {}".format(
+                    namespace,
+                    func_name,
+                    e,
+                )
+                logger.exception(error_message)
+                raise MoulinetteError(error_message, raw_msg=True)
             else:
+                log_id = start_action_logging()
+                if logger.isEnabledFor(logging.DEBUG):
+                    # Log arguments in debug mode only for safety reasons
+                    logger.debug(
+                        "processing action [%s]: %s with args=%s",
+                        log_id,
+                        full_action_name,
+                        arguments,
+                    )
+                else:
+                    logger.debug("processing action [%s]: %s", log_id, full_action_name)
+
                 # Load translation and process the action
-                m18n.load_namespace(namespace)
-                return func(**arguments)
+                start = time()
+                try:
+                    return func(**arguments)
+                finally:
+                    stop = time()
+                    logger.debug("action [%s] executed in %.3fs", log_id, stop - start)
 
-    @staticmethod
-    def get_namespaces():
-        """
-        Retrieve available actions map namespaces
+    # Private methods
 
-        Returns:
-            A list of available namespaces
-
-        """
-        namespaces = []
-
-        for f in os.listdir('%s/actionsmap' % pkg.datadir):
-            if f.endswith('.yml'):
-                namespaces.append(f[:-4])
-        return namespaces
-
-    @classmethod
-    def generate_cache(klass, namespaces=None):
-        """
-        Generate cache for the actions map's file(s)
-
-        Keyword arguments:
-            - namespaces -- A list of namespaces to generate cache for
-
-        Returns:
-            A dict of actions map for each namespaces
-
-        """
-        actionsmaps = {}
-        if not namespaces:
-            namespaces = klass.get_namespaces()
-
-        # Iterate over actions map namespaces
-        for n in namespaces:
-            logging.debug("generating cache for '%s' actions map namespace" % n)
-
-            # Read actions map from yaml file
-            am_file = '%s/actionsmap/%s.yml' % (pkg.datadir, n)
-            with open(am_file, 'r') as f:
-                actionsmaps[n] = yaml.load(f)
-
-            # Cache actions map into pickle file
-            with pkg.open_cachefile('%s.pkl' % n, 'w', subdir='actionsmap') as f:
-                pickle.dump(actionsmaps[n], f)
-
-        return actionsmaps
-
-
-    ## Private methods
-
-    def _construct_parser(self, actionsmaps):
+    def _construct_parser(self, actionsmap, top_parser):
         """
         Construct the parser with the actions map
 
         Keyword arguments:
-            - actionsmaps -- A dict of multi-level dictionnary of
-                categories/actions/arguments list for each namespaces
+            - actionsmap -- A dictionnary of categories/actions/arguments list
+            - top_parser -- A BaseActionsMapParser-derived instance to use for
+                parsing the actions map
 
         Returns:
             An interface relevant's parser object
 
         """
-        ## Get extra parameters
-        if not self.use_cache:
-            validate_extra = True
-        else:
-            validate_extra = False
 
-        ## Add arguments to the parser
-        def _add_arguments(tid, parser, arguments):
-            for argn, argp in arguments.items():
-                names = top_parser.format_arg_names(argn,
-                                                    argp.pop('full', None))
-                try: argp['type'] = eval(argp['type'])
-                except: pass
+        logger.debug("building parser...")
+        start = time()
 
-                try:
-                    extra = argp.pop('extra')
-                    arg_dest = (parser.add_argument(*names, **argp)).dest
-                    self.extraparser.add_argument(tid, arg_dest, extra,
-                                                  validate_extra)
-                except KeyError:
-                    # No extra parameters
-                    parser.add_argument(*names, **argp)
+        interface_type = top_parser.interface
 
-        # Instantiate parser
-        top_parser = self._parser_class()
+        # If loading from cache, extra were already checked when cache was
+        # loaded ? Not sure about this ... old code is a bit mysterious...
+        validate_extra = not self.from_cache
 
-        # Iterate over actions map namespaces
-        for n, actionsmap in actionsmaps.items():
-            # Retrieve global parameters
-            _global = actionsmap.pop('_global', {})
+        # namespace, actionsmap is a tuple where:
+        #
+        # * namespace define the top "name", for us it will always be
+        #   "yunohost" and there well be only this one
+        # * actionsmap is the actual actionsmap that we care about
 
-            # -- Parse global configuration
-            if 'configuration' in _global:
-                # Set global configuration
-                top_parser.set_global_conf(_global['configuration'])
+        # Retrieve global parameters
+        _global = actionsmap.pop("_global", {})
 
-            # -- Parse global arguments
-            if 'arguments' in _global:
-                try:
-                    # Get global arguments parser
-                    parser = top_parser.add_global_parser()
-                except AttributeError:
-                    # No parser for global arguments
-                    pass
-                else:
-                    # Add arguments
-                    _add_arguments(GLOBAL_ARGUMENT, parser,
-                                   _global['arguments'])
+        self.namespace = _global["namespace"]
+        self.enable_lock = _global.get("lock", True)
+        self.default_authentication = _global["authentication"][interface_type]
 
-            # -- Parse categories
-            for cn, cp in actionsmap.items():
-                try:
-                    actions = cp.pop('actions')
-                except KeyError:
-                    # Invalid category without actions
-                    logging.warning("no actions found in category '%s'" % cn)
+        # category_name is stuff like "user", "domain", "hooks"...
+        # category_values is the values of this category (like actions)
+        for category_name, category_values in actionsmap.items():
+            actions = category_values.pop("actions", {})
+            subcategories = category_values.pop("subcategories", {})
+
+            # Get category parser
+            category_parser = top_parser.add_category_parser(
+                category_name, **category_values
+            )
+
+            # action_name is like "list" of "domain list"
+            # action_options are the values
+            for action_name, action_options in actions.items():
+                arguments = action_options.pop("arguments", {})
+                authentication = action_options.pop("authentication", {})
+                tid = (self.namespace, category_name, action_name)
+
+                # Get action parser
+                action_parser = category_parser.add_action_parser(
+                    action_name, tid, **action_options
+                )
+
+                if action_parser is None:  # No parser for the action
                     continue
 
-                # Get category parser
-                cat_parser = top_parser.add_category_parser(cn, **cp)
+                # Store action identifier and add arguments
+                action_parser.set_defaults(_tid=tid)
+                action_parser.add_arguments(
+                    arguments,
+                    extraparser=self.extraparser,
+                    format_arg_names=top_parser.format_arg_names,
+                    validate_extra=validate_extra,
+                )
 
-                # -- Parse actions
-                for an, ap in actions.items():
-                    args = ap.pop('arguments', {})
-                    tid = (n, cn, an)
-                    try:
-                        conf = ap.pop('configuration')
-                        _set_conf = lambda p: p.set_conf(tid, conf)
-                    except KeyError:
-                        # No action configuration
-                        _set_conf = lambda p: False
+                action_parser.authentication = self.default_authentication
+                if interface_type in authentication:
+                    action_parser.authentication = authentication[interface_type]
+
+                # Disable the locking mechanism for all actions that are 'GET' actions on the api
+                routes = action_options.get("api")
+                routes = [routes] if isinstance(routes, str) else routes
+                if routes and all(route.startswith("GET ") for route in routes):
+                    action_parser.want_to_take_lock = False
+                else:
+                    action_parser.want_to_take_lock = True
+
+            # subcategory_name is like "cert" in "domain cert status"
+            # subcategory_values is the values of this subcategory (like actions)
+            for subcategory_name, subcategory_values in subcategories.items():
+                actions = subcategory_values.pop("actions")
+
+                # Get subcategory parser
+                subcategory_parser = category_parser.add_subcategory_parser(
+                    subcategory_name, **subcategory_values
+                )
+
+                # action_name is like "status" of "domain cert status"
+                # action_options are the values
+                for action_name, action_options in actions.items():
+                    arguments = action_options.pop("arguments", {})
+                    authentication = action_options.pop("authentication", {})
+                    tid = (self.namespace, category_name, subcategory_name, action_name)
 
                     try:
                         # Get action parser
-                        parser = cat_parser.add_action_parser(an, tid, **ap)
+                        action_parser = subcategory_parser.add_action_parser(
+                            action_name, tid, **action_options
+                        )
                     except AttributeError:
                         # No parser for the action
                         continue
-                    except ValueError as e:
-                        logging.warning("cannot add action (%s, %s, %s): %s" % (n, cn, an, e))
-                        continue
-                    else:
-                        # Store action identifier and add arguments
-                        parser.set_defaults(_tid=tid)
-                        _add_arguments(tid, parser, args)
-                        _set_conf(cat_parser)
 
+                    if action_parser is None:  # No parser for the action
+                        continue
+
+                    # Store action identifier and add arguments
+                    action_parser.set_defaults(_tid=tid)
+                    action_parser.add_arguments(
+                        arguments,
+                        extraparser=self.extraparser,
+                        format_arg_names=top_parser.format_arg_names,
+                        validate_extra=validate_extra,
+                    )
+
+                    action_parser.authentication = self.default_authentication
+                    if interface_type in authentication:
+                        action_parser.authentication = authentication[interface_type]
+
+                    # Disable the locking mechanism for all actions that are 'GET' actions on the api
+                    routes = action_options.get("api")
+                    routes = [routes] if isinstance(routes, str) else routes
+                    if routes and all(route.startswith("GET ") for route in routes):
+                        action_parser.want_to_take_lock = False
+                    else:
+                        action_parser.want_to_take_lock = True
+
+        logger.debug("building parser took %.3fs", time() - start)
         return top_parser

moulinette/authentication.py

@@ -0,0 +1,40 @@
+# -*- coding: utf-8 -*-
+
+import logging
+
+from moulinette.core import MoulinetteError, MoulinetteAuthenticationError
+
+logger = logging.getLogger("moulinette.authenticator")
+
+
+# Base Class -----------------------------------------------------------
+
+
+class BaseAuthenticator:
+    """Authenticator base representation
+
+    Each authenticators must implement an Authenticator class derived
+    from this class which must overrides virtual properties and methods.
+    It is used to authenticate and manage session. It implements base
+    methods to authenticate with credentials or a session token.
+
+    Authenticators configurations are identified by a profile name which
+    must be given on instantiation - with the corresponding vendor
+    configuration of the authenticator.
+
+    """
+
+    # Virtual methods
+    # Each authenticator classes must implement these methods.
+
+    def authenticate_credentials(self, credentials):
+        try:
+            # Attempt to authenticate
+            auth_info = self._authenticate_credentials(credentials) or {}
+        except MoulinetteError:
+            raise
+        except Exception as e:
+            logger.exception(f"authentication {self.name} failed because '{e}'")
+            raise MoulinetteAuthenticationError("unable_authenticate")
+
+        return auth_info

moulinette/authenticators/__init__.py

@@ -1,148 +0,0 @@
-# -*- coding: utf-8 -*-
-
-import errno
-import gnupg
-import logging
-
-from moulinette.core import MoulinetteError
-
-# Base Class -----------------------------------------------------------
-
-class BaseAuthenticator(object):
-    """Authenticator base representation
-
-    Each authenticators must implement an Authenticator class derived
-    from this class which must overrides virtual properties and methods.
-    It is used to authenticate and manage session. It implements base
-    methods to authenticate with a password or a session token.
-
-    Authenticators configurations are identified by a profile name which
-    must be given on instantiation - with the corresponding vendor
-    configuration of the authenticator.
-
-    Keyword arguments:
-        - name -- The authenticator profile name
-
-    """
-    def __init__(self, name):
-        self._name = name
-
-    @property
-    def name(self):
-        """Return the name of the authenticator instance"""
-        return self._name
-
-
-    ## Virtual properties
-    # Each authenticator classes must implement these properties.
-
-    """The vendor name of the authenticator"""
-    vendor = None
-
-    @property
-    def is_authenticated(self):
-        """Either the instance is authenticated or not"""
-        raise NotImplementedError("derived class '%s' must override this property" % \
-                                      self.__class__.__name__)
-
-
-    ## Virtual methods
-    # Each authenticator classes must implement these methods.
-
-    def authenticate(password=None):
-        """Attempt to authenticate
-
-        Attempt to authenticate with given password. It should raise an
-        AuthenticationError exception if authentication fails.
-
-        Keyword arguments:
-            - password -- A clear text password
-
-        """
-        raise NotImplementedError("derived class '%s' must override this method" % \
-                                      self.__class__.__name__)
-
-
-    ## Authentication methods
-
-    def __call__(self, password=None, token=None):
-        """Attempt to authenticate
-
-        Attempt to authenticate either with password or with session
-        token if 'password' is None. If the authentication succeed, the
-        instance is returned and the session is registered for the token
-        if 'token' and 'password' are given.
-        The token is composed by the session identifier and a session
-        hash - to use for encryption - as a 2-tuple.
-
-        Keyword arguments:
-            - password -- A clear text password
-            - token -- The session token in the form of (id, hash)
-
-        Returns:
-            The authenticated instance
-
-        """
-        if self.is_authenticated:
-            return self
-        store_session = True if password and token else False
-
-        if token:
-            try:
-                # Extract id and hash from token
-                s_id, s_hash = token
-            except TypeError:
-                if not password:
-                    raise ValueError("Invalid token format")
-                else:
-                    # TODO: Log error
-                    store_session = False
-            else:
-                if password is None:
-                    # Retrieve session
-                    password = self._retrieve_session(s_id, s_hash)
-
-        try:
-            # Attempt to authenticate
-            self.authenticate(password)
-        except MoulinetteError:
-            raise
-        except Exception as e:
-            logging.error("authentication (name: '%s', type: '%s') fails: %s" \
-                    % (self.name, self.vendor, e))
-            raise MoulinetteError(errno.EACCES, m18n.g('unable_authenticate'))
-
-        # Store session
-        if store_session:
-            self._store_session(s_id, s_hash, password)
-
-        return self
-
-
-    ## Private methods
-
-    def _open_sessionfile(self, session_id, mode='r'):
-        """Open a session file for this instance in given mode"""
-        return pkg.open_cachefile('%s.asc' % session_id, mode,
-                                  subdir='session/%s' % self.name)
-
-    def _store_session(self, session_id, session_hash, password):
-        """Store a session and its associated password"""
-        gpg = gnupg.GPG()
-        gpg.encoding = 'utf-8'
-        with self._open_sessionfile(session_id, 'w') as f:
-            f.write(str(gpg.encrypt(password, None, symmetric=True,
-                                    passphrase=session_hash)))
-
-    def _retrieve_session(self, session_id, session_hash):
-        """Retrieve a session and return its associated password"""
-        try:
-            with self._open_sessionfile(session_id, 'r') as f:
-                enc_pwd = f.read()
-        except IOError:
-            raise MoulinetteError(errno.ENOENT,
-                                  m18r.g('unable_retrieve_session'))
-        else:
-            gpg = gnupg.GPG()
-            gpg.encoding = 'utf-8'
-            return str(gpg.decrypt(enc_pwd, passphrase=session_hash))

moulinette/authenticators/ldap.py

@@ -1,197 +0,0 @@
-# -*- coding: utf-8 -*-
-
-# TODO: Use Python3 to remove this fix!
-from __future__ import absolute_import
-import errno
-import ldap
-import ldap.modlist as modlist
-
-from moulinette.core import MoulinetteError
-from moulinette.authenticators import BaseAuthenticator
-
-# LDAP Class Implementation --------------------------------------------
-
-class Authenticator(BaseAuthenticator):
-    """LDAP Authenticator
-
-    Initialize a LDAP connexion for the given arguments. It attempts to
-    authenticate a user if 'user_rdn' is given - by associating user_rdn
-    and base_dn - and provides extra methods to manage opened connexion.
-
-    Keyword arguments:
-        - uri -- The LDAP server URI
-        - base_dn -- The base dn
-        - user_rdn -- The user rdn to authenticate
-
-    """
-    def __init__(self, name, uri, base_dn, user_rdn=None):
-        super(Authenticator, self).__init__(name)
-
-        self.uri = uri
-        self.basedn = base_dn
-        if user_rdn:
-            self.userdn = '%s,%s' % (user_rdn, base_dn)
-            self.con = None
-        else:
-            # Initialize anonymous usage
-            self.userdn = ''
-            self.authenticate(None)
-
-
-    ## Implement virtual properties
-
-    vendor = 'ldap'
-
-    @property
-    def is_authenticated(self):
-        try:
-            # Retrieve identity
-            who = self.con.whoami_s()
-        except:
-            return False
-        else:
-            if who[3:] == self.userdn:
-                return True
-        return False
-
-
-    ## Implement virtual methods
-
-    def authenticate(self, password):
-        try:
-            con = ldap.initialize(self.uri)
-            if self.userdn:
-                con.simple_bind_s(self.userdn, password)
-            else:
-                con.simple_bind_s()
-        except ldap.INVALID_CREDENTIALS:
-            raise MoulinetteError(errno.EACCES, m18n.g('invalid_password'))
-        except ldap.SERVER_DOWN:
-            raise MoulinetteError(169, m18n.g('ldap_server_down'))
-        else:
-            self.con = con
-
-
-    ## Additional LDAP methods
-    # TODO: Review these methods
-
-    def search(self, base=None, filter='(objectClass=*)', attrs=['dn']):
-        """Search in LDAP base
-
-        Perform an LDAP search operation with given arguments and return
-        results as a list.
-
-        Keyword arguments:
-            - base -- The dn to search into
-            - filter -- A string representation of the filter to apply
-            - attrs -- A list of attributes to fetch
-
-        Returns:
-            A list of all results
-
-        """
-        if not base:
-            base = self.basedn
-
-        try:
-            result = self.con.search_s(base, ldap.SCOPE_SUBTREE, filter, attrs)
-        except:
-            raise MoulinetteError(169, m18n.g('ldap_operation_error'))
-
-        result_list = []
-        if not attrs or 'dn' not in attrs:
-            result_list = [entry for dn, entry in result]
-        else:
-            for dn, entry in result:
-                entry['dn'] = [dn]
-                result_list.append(entry)
-        return result_list
-
-    def add(self, rdn, attr_dict):
-        """
-        Add LDAP entry
-
-        Keyword arguments:
-            rdn         -- DN without domain
-            attr_dict   -- Dictionnary of attributes/values to add
-
-        Returns:
-            Boolean | MoulinetteError
-
-        """
-        dn = rdn + ',' + self.basedn
-        ldif = modlist.addModlist(attr_dict)
-
-        try:
-            self.con.add_s(dn, ldif)
-        except:
-            raise MoulinetteError(169, m18n.g('ldap_operation_error'))
-        else:
-            return True
-
-    def remove(self, rdn):
-        """
-        Remove LDAP entry
-
-        Keyword arguments:
-            rdn         -- DN without domain
-
-        Returns:
-            Boolean | MoulinetteError
-
-        """
-        dn = rdn + ',' + self.basedn
-        try:
-            self.con.delete_s(dn)
-        except:
-            raise MoulinetteError(169, m18n.g('ldap_operation_error'))
-        else:
-            return True
-
-    def update(self, rdn, attr_dict, new_rdn=False):
-        """
-        Modify LDAP entry
-
-        Keyword arguments:
-            rdn         -- DN without domain
-            attr_dict   -- Dictionnary of attributes/values to add
-            new_rdn     -- New RDN for modification
-
-        Returns:
-            Boolean | MoulinetteError
-
-        """
-        dn = rdn + ',' + self.basedn
-        actual_entry = self.search(base=dn, attrs=None)
-        ldif = modlist.modifyModlist(actual_entry[0], attr_dict, ignore_oldexistent=1)
-
-        try:
-            if new_rdn:
-                self.con.rename_s(dn, new_rdn)
-                dn = new_rdn + ',' + self.basedn
-
-            self.con.modify_ext_s(dn, ldif)
-        except:
-            raise MoulinetteError(169, m18n.g('ldap_operation_error'))
-        else:
-            return True
-
-    def validate_uniqueness(self, value_dict):
-        """
-        Check uniqueness of values
-
-        Keyword arguments:
-            value_dict -- Dictionnary of attributes/values to check
-
-        Returns:
-            Boolean | MoulinetteError
-
-        """
-        for attr, value in value_dict.items():
-            if not self.search(filter=attr + '=' + value):
-                continue
-            else:
-                raise MoulinetteError(errno.EEXIST,
-                                      m18n.g('ldap_attribute_already_exists',
-                                             attr, value))
-        return True

moulinette/core.py

@@ -1,118 +1,23 @@
 # -*- coding: utf-8 -*-
 
 import os
-import sys
 import time
 import json
-import errno
 import logging
 
-from importlib import import_module
+import moulinette
 
-# Package manipulation -------------------------------------------------
-
-class Package(object):
-    """Package representation and easy access methods
-
-    Initialize directories and variables for the package and give them
-    easy access.
-
-    Keyword arguments:
-        - _from_source -- Either the package is running from source or
-            not (only for debugging)
-
-    """
-    def __init__(self, _from_source=False):
-        if _from_source:
-            import sys
-            basedir = os.path.abspath(os.path.dirname(sys.argv[0]) +'/../')
-
-            # Set local directories
-            self._datadir = '%s/data' % basedir
-            self._libdir = '%s/lib' % basedir
-            self._localedir = '%s/locales' % basedir
-            self._cachedir = '%s/cache' % basedir
-        else:
-            import package
-
-            # Set system directories
-            self._datadir = package.datadir
-            self._libdir = package.libdir
-            self._localedir = package.localedir
-            self._cachedir = package.cachedir
-
-    def __setattr__(self, name, value):
-        if name[0] == '_' and self.__dict__.has_key(name):
-            # Deny reassignation of package directories
-            raise TypeError("cannot reassign constant '%s'")
-        self.__dict__[name] = value
+logger = logging.getLogger("moulinette.core")
 
 
-    ## Easy access to package directories
-
-    @property
-    def datadir(self):
-        """Return the data directory of the package"""
-        return self._datadir
-
-    @property
-    def libdir(self):
-        """Return the lib directory of the package"""
-        return self._libdir
-
-    @property
-    def localedir(self):
-        """Return the locale directory of the package"""
-        return self._localedir
-
-    @property
-    def cachedir(self):
-        """Return the cache directory of the package"""
-        return self._cachedir
-
-
-    ## Additional methods
-
-    def get_cachedir(self, subdir='', make_dir=True):
-        """Get the path to a cache directory
-
-        Return the path to the cache directory from an optional
-        subdirectory and create it if needed.
-
-        Keyword arguments:
-            - subdir -- A cache subdirectory
-            - make_dir -- False to not make directory if it not exists
-
-        """
-        path = os.path.join(self.cachedir, subdir)
-
-        if make_dir and not os.path.isdir(path):
-            os.makedirs(path)
-        return path
-
-    def open_cachefile(self, filename, mode='r', **kwargs):
-        """Open a cache file and return a stream
-
-        Attempt to open in 'mode' the cache file 'filename' from the
-        default cache directory and in the subdirectory 'subdir' if
-        given. Directories are created if needed and a stream is
-        returned if the file can be written.
-
-        Keyword arguments:
-            - filename -- The cache filename
-            - mode -- The mode in which the file is opened
-            - **kwargs -- Optional arguments for get_cachedir
-
-        """
-        # Set make_dir if not given
-        kwargs['make_dir'] = kwargs.get('make_dir',
-                                        True if mode[0] == 'w' else False)
-        return open('%s/%s' % (self.get_cachedir(**kwargs), filename), mode)
+def during_unittests_run():
+    return "TESTS_RUN" in os.environ
 
 
 # Internationalization -------------------------------------------------
 
-class Translator(object):
+
+class Translator:
     """Internationalization class
 
     Provide an internationalization mechanism based on JSON files to
@@ -123,15 +28,17 @@ class Translator(object):
         - default_locale -- The default locale to use
 
     """
-    def __init__(self, locale_dir, default_locale='en'):
+
+    def __init__(self, locale_dir, default_locale="en"):
         self.locale_dir = locale_dir
         self.locale = default_locale
         self._translations = {}
 
         # Attempt to load default translations
         if not self._load_translations(default_locale):
-            raise ValueError("Unable to load locale '%s' from '%s'"
-                    % (default_locale, locale_dir))
+            logger.error(
+                f"unable to load locale '{default_locale}' from '{locale_dir}'. Does the file '{locale_dir}/{default_locale}.json' exists?",
+            )
         self.default_locale = default_locale
 
     def get_locales(self):
@@ -139,7 +46,7 @@ class Translator(object):
         locales = []
 
         for f in os.listdir(self.locale_dir):
-            if f.endswith('.json'):
+            if f.endswith(".json"):
                 # TODO: Validate locale
                 locales.append(f[:-5])
         return locales
@@ -159,8 +66,11 @@ class Translator(object):
         """
         if locale not in self._translations:
             if not self._load_translations(locale):
-                logging.info("unable to load locale '%s' from '%s'"
-                        % (self.default_locale, self.locale_dir))
+                logger.debug(
+                    "unable to load locale '%s' from '%s'",
+                    self.default_locale,
+                    self.locale_dir,
+                )
 
                 # Revert to default locale
                 self.locale = self.default_locale
@@ -170,6 +80,9 @@ class Translator(object):
         self.locale = locale
         return True
 
+    def key_exists(self, key):
+        return key in self._translations[self.default_locale]
+
     def translate(self, key, *args, **kwargs):
         """Retrieve proper translation for a key
 
@@ -180,18 +93,56 @@ class Translator(object):
             - key -- The key to translate
 
         """
-        try:
-            value = self._translations[self.locale][key]
-        except KeyError:
+        failed_to_format = False
+        if key in self._translations.get(self.locale, {}):
             try:
-                value = self._translations[self.default_locale][key]
-                logging.info("untranslated key '%s' for locale '%s'" %
-                        (key, self.locale))
-            except KeyError:
-                logging.warning("unknown key '%s' for locale '%s'" %
-                        (key, self.default_locale))
-                return key
-        return value.encode('utf-8').format(*args, **kwargs)
+                return self._translations[self.locale][key].format(*args, **kwargs)
+            except Exception as e:
+                unformatted_string = self._translations[self.locale][key]
+                error_message = (
+                    "Failed to format translated string '%s': '%s' with arguments '%s' and '%s, raising error: %s(%s) (don't panic this is just a warning)"
+                    % (key, unformatted_string, args, kwargs, e.__class__.__name__, e)
+                )
+
+                if not during_unittests_run():
+                    logger.warning(error_message)
+                else:
+                    raise Exception(error_message)
+
+                failed_to_format = True
+
+        if failed_to_format or (
+            self.default_locale != self.locale
+            and key in self._translations.get(self.default_locale, {})
+        ):
+            try:
+                return self._translations[self.default_locale][key].format(
+                    *args, **kwargs
+                )
+            except Exception as e:
+                unformatted_string = self._translations[self.default_locale][key]
+                error_message = (
+                    "Failed to format translatable string '%s': '%s' with arguments '%s' and '%s', raising  error: %s(%s) (don't panic this is just a warning)"
+                    % (key, unformatted_string, args, kwargs, e.__class__.__name__, e)
+                )
+                if not during_unittests_run():
+                    logger.warning(error_message)
+                else:
+                    raise Exception(error_message)
+
+                return self._translations[self.default_locale][key]
+
+        error_message = (
+            "unable to retrieve string to translate with key '%s' for default locale 'locales/%s.json' file (don't panic this is just a warning)"
+            % (key, self.default_locale)
+        )
+
+        if not during_unittests_run():
+            logger.warning(error_message)
+        else:
+            raise Exception(error_message)
+
+        return key
 
     def _load_translations(self, locale, overwrite=False):
         """Load translations for a locale
@@ -211,8 +162,8 @@ class Translator(object):
             return True
 
         try:
-            with open('%s/%s.json' % (self.locale_dir, locale), 'r') as f:
-                j = json.load(f, 'utf-8')
+            with open(f"{self.locale_dir}/{locale}.json", "r", encoding="utf-8") as f:
+                j = json.load(f)
         except IOError:
             return False
         else:
@@ -220,7 +171,7 @@ class Translator(object):
         return True
 
 
-class Moulinette18n(object):
+class Moulinette18n:
     """Internationalization service for the moulinette
 
     Manage internationalization and access to the proper keys translation
@@ -231,41 +182,29 @@ class Moulinette18n(object):
         - default_locale -- The default locale to use
 
     """
-    def __init__(self, package, default_locale='en'):
+
+    def __init__(self, default_locale="en"):
         self.default_locale = default_locale
         self.locale = default_locale
-        self.pkg = package
 
-        # Init translators
-        self._global = Translator(self.pkg.localedir, default_locale)
-        self._namespace = None
+        # Init global translator
+        global_locale_dir = "/usr/share/moulinette/locales"
+        if during_unittests_run():
+            global_locale_dir = os.path.dirname(__file__) + "/../locales"
 
-    def load_namespace(self, namespace):
-        """Load the namespace to use
+        self._global = Translator(global_locale_dir, default_locale)
 
-        Load and set translations of a given namespace. Those translations
-        are accessible with Moulinette18n.n().
-
-        Keyword arguments:
-            - namespace -- The namespace to load
-
-        """
-        if self._namespace and self._namespace[0] == namespace:
-            return
-
-        self._namespace = (namespace, Translator('%s/%s/locales'
-                % (self.pkg.libdir, namespace), self.default_locale))
-        self._namespace[1].set_locale(self.locale)
+    def set_locales_dir(self, locales_dir):
+        self.translator = Translator(locales_dir, self.default_locale)
 
     def set_locale(self, locale):
         """Set the locale to use"""
+
         self.locale = locale
-
         self._global.set_locale(locale)
-        if self._namespace:
-            self._namespace[1].set_locale(locale)
+        self.translator.set_locale(locale)
 
-    def g(self, key, *args, **kwargs):
+    def g(self, key: str, *args, **kwargs) -> str:
         """Retrieve proper translation for a moulinette key
 
         Attempt to retrieve value for a key from moulinette translations
@@ -277,225 +216,58 @@ class Moulinette18n(object):
         """
         return self._global.translate(key, *args, **kwargs)
 
-    def n(self, key, *args, **kwargs):
+    def n(self, key: str, *args, **kwargs) -> str:
         """Retrieve proper translation for a moulinette key
 
-        Attempt to retrieve value for a key from loaded namespace translations
-        using the current locale or the default locale if 'key' is not found.
+        Attempt to retrieve value for a key from current loaded namespace
+        translations using the current locale or the default one if 'key' is
+        not found.
 
         Keyword arguments:
             - key -- The key to translate
 
         """
-        if not self._namespace:
-            logging.error("attempt to retrieve translation for key '%s' " \
-                          "but no namespace is loaded" % key)
-            return key
-        return self._namespace[1].translate(key, *args, **kwargs)
+        return self.translator.translate(key, *args, **kwargs)
 
-
-class MoulinetteSignals(object):
-    """Signals connector for the moulinette
-
-    Allow to easily connect signals from the moulinette to handlers. A
-    signal is emitted by calling the relevant method which call the
-    handler.
-    For the moment, a return value can be requested by a signal to its
-    connected handler - make them not real-signals.
-
-    Keyword arguments:
-        - kwargs -- A dict of {signal: handler} to connect
-
-    """
-    def __init__(self, **kwargs):
-        # Initialize handlers
-        for s in self.signals:
-            self.clear_handler(s)
-
-        # Iterate over signals to connect
-        for s, h in kwargs.items():
-            self.set_handler(s, h)
-
-    def set_handler(self, signal, handler):
-        """Set the handler for a signal"""
-        if signal not in self.signals:
-            raise ValueError("unknown signal '%s'" % signal)
-        setattr(self, '_%s' % signal, handler)
-
-    def clear_handler(self, signal):
-        """Clear the handler of a signal"""
-        if signal not in self.signals:
-            raise ValueError("unknown signal '%s'" % signal)
-        setattr(self, '_%s' % signal, self._notimplemented)
-
-
-    ## Signals definitions
-
-    """The list of available signals"""
-    signals = { 'authenticate', 'prompt', 'display' }
-
-    def authenticate(self, authenticator, help):
-        """Process the authentication
-
-        Attempt to authenticate to the given authenticator and return
-        it.
-        It is called when authentication is needed (e.g. to process an
-        action).
+    def key_exists(self, key: str) -> bool:
+        """Check if a key exists in the translation files
 
         Keyword arguments:
-            - authenticator -- The authenticator object to use
-            - help -- A help message for the authenticator
-
-        Returns:
-            The authenticator object
+            - key -- The key to translate
 
         """
-        if authenticator.is_authenticated:
-            return authenticator
-
-        # Retrieve help translation since it's not loaded yet
-        if help:
-            help = m18n.n(help)
-        return self._authenticate(authenticator, help)
-
-    def prompt(self, message, is_password=False, confirm=False):
-        """Prompt for a value
-
-        Prompt the interface for a parameter value which is a password
-        if 'is_password' and must be confirmed if 'confirm'.
-        Is is called when a parameter value is needed and when the
-        current interface should allow user interaction (e.g. to parse
-        extra parameter 'ask' in the cli).
-
-        Keyword arguments:
-            - message -- The message to display
-            - is_password -- True if the parameter is a password
-            - confirm -- True if the value must be confirmed
-
-        Returns:
-            The collected value
-
-        """
-        return self._prompt(message, is_password, confirm)
-
-    def display(self, message, style='info'):
-        """Display a message
-
-        Display a message with a given style to the user.
-        It is called when a message should be printed to the user if the
-        current interface allows user interaction (e.g. print a success
-        message to the user).
-
-        Keyword arguments:
-            - message -- The message to display
-            - style -- The type of the message. Possible values are:
-                info, success, warning
-
-        """
-        try:
-            self._display(message, style)
-        except NotImplementedError:
-            pass
-
-    @staticmethod
-    def _notimplemented(*args, **kwargs):
-        raise NotImplementedError("this signal is not handled")
-
-
-# Interfaces & Authenticators management -------------------------------
-
-def init_interface(name, kwargs={}, actionsmap={}):
-    """Return a new interface instance
-
-    Retrieve the given interface module and return a new instance of its
-    Interface class. It is initialized with arguments 'kwargs' and
-    connected to 'actionsmap' if it's an ActionsMap object, otherwise
-    a new ActionsMap instance will be initialized with arguments
-    'actionsmap'.
-
-    Keyword arguments:
-        - name -- The interface name
-        - kwargs -- A dict of arguments to pass to Interface
-        - actionsmap -- Either an ActionsMap instance or a dict of
-            arguments to pass to ActionsMap
-
-    """
-    from moulinette.actionsmap import ActionsMap
-
-    try:
-        mod = import_module('moulinette.interfaces.%s' % name)
-    except ImportError as e:
-        # TODO: List available interfaces
-        raise ImportError("Unable to load interface '%s': %s" % (name, str(e)))
-    else:
-        try:
-            # Retrieve interface classes
-            parser = mod.ActionsMapParser
-            interface = mod.Interface
-        except AttributeError as e:
-            raise ImportError("Invalid interface '%s': %s" % (name, e))
-
-    # Instantiate or retrieve ActionsMap
-    if isinstance(actionsmap, dict):
-        amap = ActionsMap(actionsmap.pop('parser', parser), **actionsmap)
-    elif isinstance(actionsmap, ActionsMap):
-        amap = actionsmap
-    else:
-        raise ValueError("Invalid actions map '%r'" % actionsmap)
-
-    return interface(amap, **kwargs)
-
-def init_authenticator((vendor, name), kwargs={}):
-    """Return a new authenticator instance
-
-    Retrieve the given authenticator vendor and return a new instance of
-    its Authenticator class for the given profile.
-
-    Keyword arguments:
-        - vendor -- The authenticator vendor name
-        - name -- The authenticator profile name
-        - kwargs -- A dict of arguments for the authenticator profile
-
-    """
-    try:
-        mod = import_module('moulinette.authenticators.%s' % vendor)
-    except ImportError as e:
-        # TODO: List available authenticators vendors
-        raise ImportError("Unable to load authenticator vendor '%s': %s"
-                % (vendor, str(e)))
-    else:
-        return mod.Authenticator(name, **kwargs)
-
-def clean_session(session_id, profiles=[]):
-    """Clean a session cache
-
-    Remove cache for the session 'session_id' and for profiles in
-    'profiles' or for all of them if the list is empty.
-
-    Keyword arguments:
-        - session_id -- The session id to clean
-        - profiles -- A list of profiles to clean
-
-    """
-    sessiondir = pkg.get_cachedir('session')
-    if not profiles:
-        profiles = os.listdir(sessiondir)
-
-    for p in profiles:
-        try:
-            os.unlink(os.path.join(sessiondir, p, '%s.asc' % session_id))
-        except OSError:
-            pass
+        return self.translator.key_exists(key)
 
 
 # Moulinette core classes ----------------------------------------------
 
-class MoulinetteError(OSError):
+
+class MoulinetteError(Exception):
+    http_code = 500
+
     """Moulinette base exception"""
-    pass
+
+    def __init__(self, key, raw_msg=False, *args, **kwargs):
+        if raw_msg:
+            msg = key
+        else:
+            msg = moulinette.m18n.g(key, *args, **kwargs)
+        super(MoulinetteError, self).__init__(msg)
+        self.strerror = msg
+
+    def content(self) -> str:
+        return self.strerror
 
 
-class MoulinetteLock(object):
+class MoulinetteValidationError(MoulinetteError):
+    http_code = 400
+
+
+class MoulinetteAuthenticationError(MoulinetteError):
+    http_code = 401
+
+
+class MoulinetteLock:
     """Locker for a moulinette instance
 
     It provides a lock mechanism for a given moulinette instance. It can
@@ -509,14 +281,18 @@ class MoulinetteLock(object):
             lock
 
     """
-    def __init__(self, namespace, timeout=0, interval=.5):
+
+    base_lockfile = "/var/run/moulinette_%s.lock"
+
+    def __init__(self, namespace, timeout=None, enable_lock=True, interval=0.5):
         self.namespace = namespace
         self.timeout = timeout
         self.interval = interval
+        self.enable_lock = enable_lock
 
-        self._lockfile = '/var/run/moulinette_%s.lock' % namespace
+        self._lockfile = self.base_lockfile % namespace
+        self._stale_checked = False
         self._locked = False
-        self._bypass = False
 
     def acquire(self):
         """Attempt to acquire the lock for the moulinette instance
@@ -528,25 +304,57 @@ class MoulinetteLock(object):
         """
         start_time = time.time()
 
+        # for UX reason, we are going to warn the user that we are waiting for
+        # another yunohost command to end, otherwise the user is very confused
+        # and don't understand that and think yunohost is broken
+        # we are going to warn the user after 15 seconds of waiting time then
+        # after 15*4 seconds, then 15*4*4 seconds...
+        warning_treshold = 15
+
+        logger.debug("acquiring lock...")
+
         while True:
-            if 'BYPASS_LOCK' in os.environ and os.environ['BYPASS_LOCK'] == 'yes':
-                self._bypass = True
-                break
+            lock_pids = self._lock_PIDs()
 
-            if not os.path.isfile(self._lockfile):
-                # Create the lock file
-                try:
-                    (open(self._lockfile, 'w')).close()
-                except IOError:
-                    raise MoulinetteError(errno.EPERM,
-                                          '%s. %s.' % (m18n.g('permission_denied'), m18n.g('root_required')))
-                break
+            if self._is_son_of(lock_pids):
+                return
+
+            if lock_pids == []:
+                self._lock()
+                break
+            elif not self._stale_checked:
+                self._stale_checked = True
+                # Check locked process still exist and take lock if it doesnt
+                # FIXME : what do in the context of multiple locks :|
+                first_lock = lock_pids[0]
+                if not os.path.exists(os.path.join("/proc", str(first_lock), "exe")):
+                    logger.debug("stale lock file found")
+                    self._lock()
+                    break
+
+            if self.timeout is not None and (time.time() - start_time) > self.timeout:
+                raise MoulinetteError("instance_already_running")
+
+            # warn the user if it's been too much time since they are waiting
+            if (time.time() - start_time) > warning_treshold:
+                if warning_treshold == 15:
+                    logger.warning(
+                        moulinette.m18n.g("warn_the_user_about_waiting_lock")
+                    )
+                else:
+                    logger.warning(
+                        moulinette.m18n.g("warn_the_user_about_waiting_lock_again")
+                    )
+                warning_treshold *= 4
 
-            if (time.time() - start_time) > self.timeout:
-                raise MoulinetteError(errno.EBUSY,
-                                      m18n.g('instance_already_running'))
             # Wait before checking again
             time.sleep(self.interval)
+
+        # we have warned the user that we were waiting, for better UX also them
+        # that we have stop waiting and that the command is processing now
+        if warning_treshold != 15:
+            logger.warning(moulinette.m18n.g("warn_the_user_that_lock_is_acquired"))
+        logger.debug("lock has been acquired")
         self._locked = True
 
     def release(self):
@@ -556,12 +364,56 @@ class MoulinetteLock(object):
 
         """
         if self._locked:
-            if not self._bypass:
+            if os.path.exists(self._lockfile):
                 os.unlink(self._lockfile)
+            else:
+                logger.warning(
+                    "Uhoh, somehow the lock %s did not exist ..." % self._lockfile
+                )
+            logger.debug("lock has been released")
             self._locked = False
 
+    def _lock(self):
+        try:
+            with open(self._lockfile, "w") as f:
+                f.write(str(os.getpid()))
+        except IOError:
+            raise MoulinetteError("root_required")
+
+    def _lock_PIDs(self):
+        if not os.path.isfile(self._lockfile):
+            return []
+
+        with open(self._lockfile) as f:
+            lock_pids = f.read().strip().split("\n")
+
+        # Make sure to convert those pids to integers
+        lock_pids = [int(pid) for pid in lock_pids if pid.strip() != ""]
+
+        return lock_pids
+
+    def _is_son_of(self, lock_pids):
+        import psutil
+
+        if lock_pids == []:
+            return False
+
+        # Start with self
+        parent = psutil.Process()
+
+        # While there is a parent... (e.g. init has no parent)
+        while parent is not None:
+            # If parent PID is the lock, then yes! we are a son of the process
+            # with the lock...
+            if parent.pid in lock_pids:
+                return True
+            # Otherwise, try 'next' parent
+            parent = parent.parent()
+
+        return False
+
     def __enter__(self):
-        if not self._locked:
+        if self.enable_lock and not self._locked:
             self.acquire()
         return self
 

moulinette/helpers.py

@@ -1,391 +0,0 @@
-# -*- coding: utf-8 -*-
-
-import os
-import ldap
-import ldap.modlist as modlist
-import json
-import re
-import getpass
-import random
-import string
-import gettext
-import getpass
-
-win = []
-
-def random_password(length=8):
-    char_set = string.ascii_uppercase + string.digits + string.ascii_lowercase
-    return ''.join(random.sample(char_set,length))
-
-def colorize(astr, color):
-    """
-    Print with style ;)
-
-    Keyword arguments:
-        astr    -- String to colorize
-        color   -- Name of the color
-
-    """
-    color_dict = {
-        'red'   : '31',
-        'green' : '32',
-        'yellow': '33',
-        'cyan'  : '34',
-        'purple': '35'
-    }
-    return "\033["+ color_dict[color] +"m\033[1m" + astr + "\033[m"
-
-def pretty_print_dict(d, depth=0):
-    for k,v in sorted(d.items(), key=lambda x: x[0]):
-        k = colorize(str(k), 'purple')
-        if isinstance(v, list) and len(v) == 1:
-            v = v[0]
-        if isinstance(v, dict):
-            print(("  ") * depth + ("%s: " % str(k)))
-            pretty_print_dict(v, depth+1)
-        elif isinstance(v, list):
-            print(("  ") * depth + ("%s: " % str(k)))
-            for key, value in enumerate(v):
-                if isinstance(value, tuple):
-                    pretty_print_dict({value[0]: value[1]}, depth+1)
-                elif isinstance(value, dict):
-                    pretty_print_dict({key: value}, depth+1)
-                else:
-                    print(("  ") * (depth+1) + "- " +str(value))
-        else:
-            if not isinstance(v, basestring):
-                v = str(v)
-            print(("  ") * depth + "%s: %s" % (str(k), v))
-
-def is_true(arg):
-    true_list = ['yes', 'Yes', 'true', 'True' ]
-    for string in true_list:
-        if arg == string:
-            return True
-
-    return False
-
-def win_msg(astr):
-    """
-    Display a success message if isatty
-
-    Keyword arguments:
-        astr -- Win message to display
-
-    """
-    global win
-    if os.isatty(1):
-        print('\n' + colorize(_("Success: "), 'green') + astr + '\n')
-
-    win.append(astr)
-
-
-def validate(pattern, array):
-    """
-    Validate attributes with a pattern
-
-    Keyword arguments:
-        pattern -- Regex to match with the strings
-        array -- List of strings to check
-
-    Returns:
-        Boolean | YunoHostError
-
-    """
-    if array is None:
-        return True
-    if isinstance(array, str):
-        array = [array]
-    for string in array:
-        if re.match(pattern, string):
-            pass
-        else:
-            raise YunoHostError(22, _('Invalid attribute') + ' ' + string)
-        return True
-
-def get_required_args(args, required_args, password=False):
-    """
-    Input missing values or raise Exception
-
-    Keyword arguments:
-       args -- Available arguments
-       required_args -- Dictionary of required arguments and input phrase
-       password -- True|False Hidden password double-input needed
-
-    Returns:
-        args
-
-    """
-    try:
-        for arg, phrase in required_args.items():
-            if not args[arg] and arg != 'password':
-                if os.isatty(1):
-                    args[arg] = raw_input(colorize(phrase + ': ', 'cyan'))
-                else:
-                    raise Exception #TODO: fix
-        # Password
-        if 'password' in required_args and password:
-            if not args['password']:
-                if os.isatty(1):
-                    args['password'] = getpass.getpass(colorize(required_args['password'] + ': ', 'cyan'))
-                    pwd2 = getpass.getpass(colorize('Retype ' + required_args['password'][0].lower() + required_args['password'][1:] + ': ', 'cyan'))
-                    if args['password'] != pwd2:
-                        raise YunoHostError(22, _("Passwords doesn't match"))
-                else:
-                    raise YunoHostError(22, _("Missing arguments"))
-    except KeyboardInterrupt, EOFError:
-        raise YunoHostError(125, _("Interrupted"))
-
-    return args
-
-
-def display_error(error, json_print=False):
-    """
-    Nice error displaying
-
-    """
-    if not __debug__ :
-        traceback.print_exc()
-    if os.isatty(1) and not json_print:
-        print('\n' + colorize(_("Error: "), 'red') + error.message)
-    else:
-        print(json.dumps({ error.code : error.message }))
-
-
-class YunoHostError(Exception):
-    """
-    Custom exception
-
-    Keyword arguments:
-        code    -- Integer error code
-        message -- Error message to display
-
-    """
-    def __init__(self, code, message):
-        code_dict = {
-            1   : _('Fail'),
-            13  : _('Permission denied'),
-            17  : _('Already exists'),
-            22  : _('Invalid arguments'),
-            87  : _('Too many users'),
-            111 : _('Connection refused'),
-            122 : _('Quota exceeded'),
-            125 : _('Operation canceled'),
-            167 : _('Not found'),
-            168 : _('Undefined'),
-            169 : _('LDAP operation error')
-        }
-        self.code = code
-        self.message = message
-        if code_dict[code]:
-            self.desc = code_dict[code]
-        else:
-            self.desc = code
-
-
-class Singleton(object):
-    instances = {}
-    def __new__(cls, *args, **kwargs):
-        if cls not in cls.instances:
-            cls.instances[cls] = super(Singleton, cls).__new__(cls, *args, **kwargs)
-        return cls.instances[cls]
-
-
-class YunoHostLDAP(Singleton):
-    """ Specific LDAP functions for YunoHost """
-    pwd = False
-    connected = False
-    conn = ldap.initialize('ldap://localhost:389')
-    base = 'dc=yunohost,dc=org'
-    level = 0
-
-    def __enter__(self):
-        return self
-
-    def __init__(self, password=False, anonymous=False):
-        """
-        Connect to LDAP base
-
-        Initialize to localhost, base yunohost.org, prompt for password
-
-        """
-        if anonymous:
-           self.conn.simple_bind_s()
-           self.connected = True
-        elif self.connected and not password:
-           pass
-        else:
-            if password:
-                self.pwd = password
-            elif self.pwd:
-                pass
-            else:
-                try:
-                    with open('/etc/yunohost/passwd') as f:
-                        self.pwd = f.read()
-                except IOError:
-                    need_password = True
-                    while need_password:
-                        try:
-                            self.pwd = getpass.getpass(colorize(_('Admin Password: '), 'yellow'))
-                            self.conn.simple_bind_s('cn=admin,' + self.base, self.pwd)
-                        except KeyboardInterrupt, EOFError:
-                            raise YunoHostError(125, _("Interrupted"))
-                        except ldap.INVALID_CREDENTIALS:
-                            print(_('Invalid password... Try again'))
-                        else:
-                            need_password = False
-
-            try:
-                self.conn.simple_bind_s('cn=admin,' + self.base, self.pwd)
-                self.connected = True
-            except ldap.INVALID_CREDENTIALS:
-                raise YunoHostError(13, _('Invalid credentials'))
-
-        self.level = self.level+1
-
-    def __exit__(self, type, value, traceback):
-        self.level = self.level-1
-        if self.level == 0:
-            try: self.disconnect()
-            except: pass
-
-    def disconnect(self):
-        """
-        Unbind from LDAP
-
-        Returns
-            Boolean | YunoHostError
-
-        """
-        try:
-            self.connected = False
-            self.pwd = False
-            self.conn.unbind_s()
-        except:
-            raise YunoHostError(169, _('An error occured during disconnection'))
-        else:
-            return True
-
-
-    def search(self, base=None, filter='(objectClass=*)', attrs=['dn']):
-        """
-        Search in LDAP base
-
-        Keyword arguments:
-            base    -- Base to search into
-            filter  -- LDAP filter
-            attrs   -- Array of attributes to fetch
-
-        Returns:
-            Boolean | Dict
-
-        """
-        if not base:
-            base = self.base
-
-        try:
-            result = self.conn.search_s(base, ldap.SCOPE_SUBTREE, filter, attrs)
-        except:
-            raise YunoHostError(169, _('An error occured during LDAP search'))
-
-        if result:
-            result_list = []
-            for dn, entry in result:
-                if attrs != None:
-                    if 'dn' in attrs:
-                        entry['dn'] = [dn]
-                result_list.append(entry)
-            return result_list
-        else:
-            return False
-
-
-    def add(self, rdn, attr_dict):
-        """
-        Add LDAP entry
-
-        Keyword arguments:
-            rdn         -- DN without domain
-            attr_dict   -- Dictionnary of attributes/values to add
-
-        Returns:
-            Boolean | YunoHostError
-
-        """
-        dn = rdn + ',' + self.base
-        ldif = modlist.addModlist(attr_dict)
-
-        try:
-            self.conn.add_s(dn, ldif)
-        except:
-            raise YunoHostError(169, _('An error occured during LDAP entry creation'))
-        else:
-            return True
-
-    def remove(self, rdn):
-        """
-        Remove LDAP entry
-
-        Keyword arguments:
-            rdn         -- DN without domain
-
-        Returns:
-            Boolean | YunoHostError
-
-        """
-        dn = rdn + ',' + self.base
-        try:
-            self.conn.delete_s(dn)
-        except:
-            raise YunoHostError(169, _('An error occured during LDAP entry deletion'))
-        else:
-            return True
-
-
-    def update(self, rdn, attr_dict, new_rdn=False):
-        """
-        Modify LDAP entry
-
-        Keyword arguments:
-            rdn         -- DN without domain
-            attr_dict   -- Dictionnary of attributes/values to add
-            new_rdn     -- New RDN for modification
-
-        Returns:
-            Boolean | YunoHostError
-
-        """
-        dn = rdn + ',' + self.base
-        actual_entry = self.search(base=dn, attrs=None)
-        ldif = modlist.modifyModlist(actual_entry[0], attr_dict, ignore_oldexistent=1)
-
-        try:
-            if new_rdn:
-                self.conn.rename_s(dn, new_rdn)
-                dn = new_rdn + ',' + self.base
-
-            self.conn.modify_ext_s(dn, ldif)
-        except:
-            raise YunoHostError(169, _('An error occured during LDAP entry update'))
-        else:
-            return True
-
-
-    def validate_uniqueness(self, value_dict):
-        """
-        Check uniqueness of values
-
-        Keyword arguments:
-            value_dict -- Dictionnary of attributes/values to check
-
-        Returns:
-            Boolean | YunoHostError
-
-        """
-        for attr, value in value_dict.items():
-            if not self.search(filter=attr + '=' + value):
-                continue
-            else:
-                raise YunoHostError(17, _('Attribute already exists') + ' "' + attr + '=' + value + '"')
-        return True

moulinette/interfaces/__init__.py

@@ -1,13 +1,23 @@
 # -*- coding: utf-8 -*-
 
-import errno
+import re
 import logging
+import argparse
+import copy
+import datetime
+from collections import OrderedDict
+from json.encoder import JSONEncoder
+from typing import Optional
+
+from moulinette import m18n
+
+logger = logging.getLogger("moulinette.interface")
 
-from moulinette.core import (init_authenticator, MoulinetteError)
 
 # Base Class -----------------------------------------------------------
 
-class BaseActionsMapParser(object):
+
+class BaseActionsMapParser:
     """Actions map's base Parser
 
     Each interfaces must implement an ActionsMapParser class derived
@@ -20,25 +30,18 @@ class BaseActionsMapParser(object):
         - parent -- A parent BaseActionsMapParser derived object
 
     """
-    def __init__(self, parent=None):
-        if parent:
-            self._o = parent
-        else:
-            msettings['interface'] = self.interface
 
-            self._o = self
-            self._global_conf = {}
-            self._conf = {}
+    def __init__(self, parent=None, **kwargs):
+        if not parent:
+            logger.debug("initializing base actions map parser for %s", self.interface)
 
-
-    ## Virtual properties
+    # Virtual properties
     # Each parser classes must implement these properties.
 
     """The name of the interface for which it is the parser"""
-    interface = None
+    interface: Optional[str] = None
 
-
-    ## Virtual methods
+    # Virtual methods
     # Each parser classes must implement these methods.
 
     @staticmethod
@@ -57,8 +60,10 @@ class BaseActionsMapParser(object):
             A list of option strings
 
         """
-        raise NotImplementedError("derived class '%s' must override this method" % \
-                                      self.__class__.__name__)
+        raise NotImplementedError("derived class must override this method")
+
+    def has_global_parser(self):
+        return False
 
     def add_global_parser(self, **kwargs):
         """Add a parser for global arguments
@@ -69,8 +74,9 @@ class BaseActionsMapParser(object):
             An ArgumentParser based object
 
         """
-        raise NotImplementedError("derived class '%s' must override this method" % \
-                                      self.__class__.__name__)
+        raise NotImplementedError(
+            "derived class '%s' must override this method" % self.__class__.__name__
+        )
 
     def add_category_parser(self, name, **kwargs):
         """Add a parser for a category
@@ -84,8 +90,9 @@ class BaseActionsMapParser(object):
             A BaseParser based object
 
         """
-        raise NotImplementedError("derived class '%s' must override this method" % \
-                                      self.__class__.__name__)
+        raise NotImplementedError(
+            "derived class '%s' must override this method" % self.__class__.__name__
+        )
 
     def add_action_parser(self, name, tid, **kwargs):
         """Add a parser for an action
@@ -100,8 +107,23 @@ class BaseActionsMapParser(object):
             An ArgumentParser based object
 
         """
-        raise NotImplementedError("derived class '%s' must override this method" % \
-                                      self.__class__.__name__)
+        raise NotImplementedError(
+            "derived class '%s' must override this method" % self.__class__.__name__
+        )
+
+    def auth_method(self, *args, **kwargs):
+        """Check if authentication is required to run the requested action
+
+        Keyword arguments:
+            - args -- Arguments string or dict (TODO)
+
+        Returns:
+            False, or the authentication profile required
+
+        """
+        raise NotImplementedError(
+            "derived class '%s' must override this method" % self.__class__.__name__
+        )
 
     def parse_args(self, args, **kwargs):
         """Parse arguments
@@ -116,202 +138,343 @@ class BaseActionsMapParser(object):
             The populated namespace
 
         """
-        raise NotImplementedError("derived class '%s' must override this method" % \
-                                      self.__class__.__name__)
+        raise NotImplementedError(
+            "derived class '%s' must override this method" % self.__class__.__name__
+        )
 
 
-    ## Configuration access
-
-    @property
-    def global_conf(self):
-        """Return the global configuration of the parser"""
-        return self._o._global_conf
-
-    def get_global_conf(self, name, profile='default'):
-        """Get the global value of a configuration
-
-        Return the formated global value of the configuration 'name' for
-        the given profile. If the configuration doesn't provide profile,
-        the formated default value is returned.
-
-        Keyword arguments:
-            - name -- The configuration name
-            - profile -- The profile of the configuration
-
-        """
-        if name == 'authenticator':
-            value = self.global_conf[name][profile]
-        else:
-            value = self.global_conf[name]
-        return self._format_conf(name, value)
-
-    def set_global_conf(self, configuration):
-        """Set global configuration
-
-        Set the global configuration to use for the parser.
-
-        Keyword arguments:
-            - configuration -- The global configuration
-
-        """
-        self._o._global_conf.update(self._validate_conf(configuration, True))
-
-    def get_conf(self, action, name):
-        """Get the value of an action configuration
-
-        Return the formated value of configuration 'name' for the action
-        identified by 'action'. If the configuration for the action is
-        not set, the default one is returned.
-
-        Keyword arguments:
-            - action -- An action identifier
-            - name -- The configuration name
-
-        """
-        try:
-            value = self._o._conf[action][name]
-        except KeyError:
-            return self.get_global_conf(name)
-        else:
-            return self._format_conf(name, value)
-
-    def set_conf(self, action, configuration):
-        """Set configuration for an action
-
-        Set the configuration to use for a given action identified by
-        'action' which is specific to the parser.
-
-        Keyword arguments:
-            - action -- The action identifier
-            - configuration -- The configuration for the action
-
-        """
-        self._o._conf[action] = self._validate_conf(configuration)
+# Argument parser ------------------------------------------------------
 
 
-    def _validate_conf(self, configuration, is_global=False):
-        """Validate configuration for the parser
+class _ExtendedSubParsersAction(argparse._SubParsersAction):
+    """Subparsers with extended properties for argparse
 
-        Return the validated configuration for the interface's actions
-        map parser.
+    It provides the following additional properties at initialization,
+    e.g. using `parser.add_subparsers`:
+      - required -- Either the subparser is required or not (default: False)
 
-        Keyword arguments:
-            - configuration -- The configuration to pre-format
-
-        """
-        # TODO: Create a class with a validator method for each configuration
-        conf = {}
-
-        # -- 'authenficate'
-        try:
-            ifaces = configuration['authenticate']
-        except KeyError:
-            pass
-        else:
-            if ifaces == 'all':
-                conf['authenticate'] = ifaces
-            elif ifaces == False:
-                conf['authenticate'] = False
-            elif isinstance(ifaces, list):
-                # Store only if authentication is needed
-                conf['authenticate'] = True if self.interface in ifaces else False
-            else:
-                # TODO: Log error instead and tell valid values
-                raise MoulinetteError(errno.EINVAL, "Invalid value '%r' for configuration 'authenticate'" % ifaces)
-
-        # -- 'authenticator'
-        try:
-            auth = configuration['authenticator']
-        except KeyError:
-            pass
-        else:
-            if not is_global and isinstance(auth, str):
-                try:
-                    # Store needed authenticator profile
-                    conf['authenticator'] = self.global_conf['authenticator'][auth]
-                except KeyError:
-                    raise MoulinetteError(errno.EINVAL, "Undefined authenticator '%s' in global configuration" % auth)
-            elif is_global and isinstance(auth, dict):
-                if len(auth) == 0:
-                    logging.warning('no authenticator defined in global configuration')
-                else:
-                    auths = {}
-                    for auth_name, auth_conf in auth.items():
-                        # Add authenticator profile as a 3-tuple
-                        # (identifier, configuration, parameters) with
-                        # - identifier: the authenticator vendor and its
-                        #     profile name as a 2-tuple
-                        # - configuration: a dict of additional global
-                        #     configuration (i.e. 'help')
-                        # - parameters: a dict of arguments for the
-                        #     authenticator profile
-                        auths[auth_name] = ((auth_conf.get('vendor'), auth_name),
-                                            { 'help': auth_conf.get('help', None) },
-                                            auth_conf.get('parameters', {}))
-                    conf['authenticator'] = auths
-            else:
-                # TODO: Log error instead and tell valid values
-                raise MoulinetteError(errno.EINVAL, "Invalid value '%r' for configuration 'authenticator'" % auth)
-
-        # -- 'argument_auth'
-        try:
-            arg_auth = configuration['argument_auth']
-        except KeyError:
-            pass
-        else:
-            if isinstance(arg_auth, bool):
-                conf['argument_auth'] = arg_auth
-            else:
-                # TODO: Log error instead and tell valid values
-                raise MoulinetteError(errno.EINVAL, "Invalid value '%r' for configuration 'argument_auth'" % arg_auth)
-
-        # -- 'lock'
-        try:
-            lock = configuration['lock']
-        except KeyError:
-            pass
-        else:
-            if isinstance(lock, bool):
-                conf['lock'] = lock
-            else:
-                raise MoulinetteError(errno.EINVAL, "Invalid value '%r' for configuration 'lock'" % lock)
-
-        return conf
-
-    def _format_conf(self, name, value):
-        """Format a configuration value
-
-        Return the formated value of the configuration 'name' from its
-        given value.
-
-        Keyword arguments:
-            - name -- The name of the configuration
-            - value -- The value to format
-
-        """
-        if name == 'authenticator' and value:
-            (identifier, configuration, parameters) = value
-
-            # Return global configuration and an authenticator
-            # instanciator as a 2-tuple
-            return (configuration,
-                    lambda: init_authenticator(identifier, parameters))
-
-        return value
-
-
-class BaseInterface(object):
-    """Moulinette's base Interface
-
-    Each interfaces must implement an Interface class derived from this
-    class which must overrides virtual properties and methods.
-    It is used to provide a user interface for an actions map.
-
-    Keyword arguments:
-        - actionsmap -- The ActionsMap instance to connect to
+    It also provides the following additional properties for parsers,
+    e.g. using `subparsers.add_parser`:
+      - deprecated -- Wether the command is deprecated
+      - deprecated_alias -- A list of deprecated command alias names
 
     """
-    # TODO: Add common interface methods and try to standardize default ones
-    def __init__(self, actionsmap):
-        raise NotImplementedError("derived class '%s' must override this method" % \
-                                      self.__class__.__name__)
+
+    def __init__(self, *args, **kwargs):
+        required = kwargs.pop("required", False)
+        super(_ExtendedSubParsersAction, self).__init__(*args, **kwargs)
+
+        self.required = required
+        self._deprecated_command_map = {}
+
+    def add_parser(self, name, type_=None, **kwargs):
+        hide_in_help = kwargs.pop("hide_in_help", False)
+        deprecated = kwargs.pop("deprecated", False)
+        deprecated_alias = kwargs.pop("deprecated_alias", [])
+
+        if deprecated:
+            self._deprecated_command_map[name] = None
+
+        if deprecated or hide_in_help:
+            if "help" in kwargs:
+                del kwargs["help"]
+
+        parser = super(_ExtendedSubParsersAction, self).add_parser(name, **kwargs)
+
+        # Append each deprecated command alias name
+        for command in deprecated_alias:
+            self._deprecated_command_map[command] = name
+            self._name_parser_map[command] = parser
+
+        parser.type = type_
+
+        return parser
+
+    def __call__(self, parser, namespace, values, option_string=None):
+        parser_name = values[0]
+
+        try:
+            # Check for deprecated command name
+            correct_name = self._deprecated_command_map[parser_name]
+        except KeyError:
+            pass
+        else:
+            # Warn the user about deprecated command
+            if correct_name is None:
+                logger.warning(
+                    m18n.g("deprecated_command", prog=parser.prog, command=parser_name)
+                )
+            else:
+                logger.warning(
+                    m18n.g(
+                        "deprecated_command_alias",
+                        old=parser_name,
+                        new=correct_name,
+                        prog=parser.prog,
+                    )
+                )
+                values[0] = correct_name
+
+        return super(_ExtendedSubParsersAction, self).__call__(
+            parser, namespace, values, option_string
+        )
+
+
+class ExtendedArgumentParser(argparse.ArgumentParser):
+    def __init__(self, *args, **kwargs):
+        super(ExtendedArgumentParser, self).__init__(
+            formatter_class=PositionalsFirstHelpFormatter, *args, **kwargs
+        )
+
+        # Register additional actions
+        self.register("action", "parsers", _ExtendedSubParsersAction)
+
+    def add_arguments(
+        self, arguments, extraparser, format_arg_names=None, validate_extra=True
+    ):
+        for argument_name, argument_options in arguments.items():
+            # will adapt arguments name for cli or api context
+            names = format_arg_names(
+                str(argument_name), argument_options.pop("full", None)
+            )
+
+            if "type" in argument_options:
+                argument_options["type"] = eval(argument_options["type"])
+
+            if "extra" in argument_options:
+                extra = argument_options.pop("extra")
+                argument_dest = self.add_argument(*names, **argument_options).dest
+                extraparser.add_argument(
+                    self.get_default("_tid"), argument_dest, extra, validate_extra
+                )
+                continue
+
+            self.add_argument(*names, **argument_options)
+
+    def _get_nargs_pattern(self, action):
+        if action.nargs == argparse.PARSER and not action.required:
+            return "([-AO]*)"
+        else:
+            return super(ExtendedArgumentParser, self)._get_nargs_pattern(action)
+
+    def _get_values(self, action, arg_strings):
+        if action.nargs == argparse.PARSER and not action.required:
+            value = [self._get_value(action, v) for v in arg_strings]
+            if value:
+                self._check_value(action, value[0])
+            else:
+                value = argparse.SUPPRESS
+        else:
+            value = super(ExtendedArgumentParser, self)._get_values(action, arg_strings)
+        return value
+
+    # Adapted from :
+    # https://github.com/python/cpython/blob/af26c15110b76195e62a06d17e39176d42c0511c/Lib/argparse.py#L2293-L2314
+    def format_help(self):
+        formatter = self._get_formatter()
+
+        # usage
+        formatter.add_usage(self.usage, self._actions, self._mutually_exclusive_groups)
+
+        # description
+        formatter.add_text(self.description)
+
+        # positionals, optionals and user-defined groups
+        for action_group in self._action_groups:
+            # Dirty hack to separate 'subcommands'
+            # into 'actions' and 'subcategories'
+            if action_group.title == "subcommands":
+                # Make a copy of the "action group actions"...
+                choice_actions = action_group._group_actions[0]._choices_actions
+                actions_subparser = copy.copy(action_group._group_actions[0])
+                subcategories_subparser = copy.copy(action_group._group_actions[0])
+
+                # Filter "action"-type and "subcategory"-type commands
+                actions_subparser.choices = OrderedDict(
+                    [
+                        (k, v)
+                        for k, v in actions_subparser.choices.items()
+                        if v.type == "action"
+                    ]
+                )
+                subcategories_subparser.choices = OrderedDict(
+                    [
+                        (k, v)
+                        for k, v in subcategories_subparser.choices.items()
+                        if v.type == "subcategory"
+                    ]
+                )
+
+                actions_choices = actions_subparser.choices.keys()
+                subcategories_choices = subcategories_subparser.choices.keys()
+
+                actions_subparser._choices_actions = [
+                    c for c in choice_actions if c.dest in actions_choices
+                ]
+                subcategories_subparser._choices_actions = [
+                    c for c in choice_actions if c.dest in subcategories_choices
+                ]
+
+                # Display each section (actions and subcategories)
+                if actions_choices:
+                    formatter.start_section("actions")
+                    formatter.add_arguments([actions_subparser])
+                    formatter.end_section()
+
+                if subcategories_choices:
+                    formatter.start_section("subcategories")
+                    formatter.add_arguments([subcategories_subparser])
+                    formatter.end_section()
+
+            else:
+                formatter.start_section(action_group.title)
+                formatter.add_text(action_group.description)
+                formatter.add_arguments(action_group._group_actions)
+                formatter.end_section()
+
+        # epilog
+        formatter.add_text(self.epilog)
+
+        # determine help from format above
+        return formatter.format_help()
+
+
+# This is copy-pasta from the original argparse.HelpFormatter :
+# https://github.com/python/cpython/blob/1e73dbbc29c96d0739ffef92db36f63aa1aa30da/Lib/argparse.py#L293-L383
+# tweaked to display positional arguments first in usage/--help
+#
+# This is motivated by the "bug" / inconsistent behavior described here :
+# http://bugs.python.org/issue9338
+# and fix is inspired from here :
+# https://stackoverflow.com/questions/26985650/argparse-do-not-catch-positional-arguments-with-nargs/26986546#26986546
+class PositionalsFirstHelpFormatter(argparse.HelpFormatter):
+    def _format_usage(self, usage, actions, groups, prefix):
+        if prefix is None:
+            # TWEAK : not using gettext here...
+            prefix = "usage: "
+
+        # if usage is specified, use that
+        if usage is not None:
+            usage = usage % dict(prog=self._prog)
+
+        # if no optionals or positionals are available, usage is just prog
+        elif usage is None and not actions:
+            usage = "%(prog)s" % dict(prog=self._prog)
+
+        # if optionals and positionals are available, calculate usage
+        elif usage is None:
+            prog = "%(prog)s" % dict(prog=self._prog)
+
+            # split optionals from positionals
+            optionals = []
+            positionals = []
+            for action in actions:
+                if action.option_strings:
+                    optionals.append(action)
+                else:
+                    positionals.append(action)
+
+            # build full usage string
+            format = self._format_actions_usage
+            # TWEAK here : positionals first
+            action_usage = format(positionals + optionals, groups)
+            usage = " ".join([s for s in [prog, action_usage] if s])
+
+            # wrap the usage parts if it's too long
+            text_width = self._width - self._current_indent
+            if len(prefix) + len(usage) > text_width:
+                # break usage into wrappable parts
+                part_regexp = r"\(.*?\)+|\[.*?\]+|\S+"
+                opt_usage = format(optionals, groups)
+                pos_usage = format(positionals, groups)
+                opt_parts = re.findall(part_regexp, opt_usage)
+                pos_parts = re.findall(part_regexp, pos_usage)
+                assert " ".join(opt_parts) == opt_usage
+                assert " ".join(pos_parts) == pos_usage
+
+                # helper for wrapping lines
+                def get_lines(parts, indent, prefix=None):
+                    lines = []
+                    line = []
+                    if prefix is not None:
+                        line_len = len(prefix) - 1
+                    else:
+                        line_len = len(indent) - 1
+                    for part in parts:
+                        if line_len + 1 + len(part) > text_width:
+                            lines.append(indent + " ".join(line))
+                            line = []
+                            line_len = len(indent) - 1
+                        line.append(part)
+                        line_len += len(part) + 1
+                    if line:
+                        lines.append(indent + " ".join(line))
+                    if prefix is not None:
+                        lines[0] = lines[0][len(indent) :]
+                    return lines
+
+                # if prog is short, follow it with optionals or positionals
+                if len(prefix) + len(prog) <= 0.75 * text_width:
+                    indent = " " * (len(prefix) + len(prog) + 1)
+                    # START TWEAK : pos_parts first, then opt_parts
+                    if pos_parts:
+                        lines = get_lines([prog] + pos_parts, indent, prefix)
+                        lines.extend(get_lines(opt_parts, indent))
+                    elif opt_parts:
+                        lines = get_lines([prog] + opt_parts, indent, prefix)
+                    # END TWEAK
+                    else:
+                        lines = [prog]
+
+                # if prog is long, put it on its own line
+                else:
+                    indent = " " * len(prefix)
+                    parts = pos_parts + opt_parts
+                    lines = get_lines(parts, indent)
+                    if len(lines) > 1:
+                        lines = []
+                        # TWEAK here : pos_parts first, then opt_part
+                        lines.extend(get_lines(pos_parts, indent))
+                        lines.extend(get_lines(opt_parts, indent))
+                    lines = [prog] + lines
+
+                # join lines into usage
+                usage = "\n".join(lines)
+
+        # prefix with 'usage:'
+        return "{}{}\n\n".format(prefix, usage)
+
+
+class JSONExtendedEncoder(JSONEncoder):
+    """Extended JSON encoder
+
+    Extend default JSON encoder to recognize more types and classes. It will
+    never raise an exception if the object can't be encoded and return its repr
+    instead.
+
+    The following objects and types are supported:
+        - set: converted into list
+
+    """
+
+    def default(self, o):
+        import pytz  # Lazy loading, this takes like 3+ sec on a RPi2 ?!
+
+        """Return a serializable object"""
+        # Convert compatible containers into list
+        if isinstance(o, set) or (hasattr(o, "__iter__") and hasattr(o, "next")):
+            return list(o)
+
+        # Display the date in its iso format ISO-8601 Internet Profile (RFC 3339)
+        if isinstance(o, datetime.date):
+            if o.tzinfo is None:
+                o = o.replace(tzinfo=pytz.utc)
+            return o.isoformat()
+
+        # Return the repr for object that json can't encode
+        logger.warning(
+            "cannot properly encode in JSON the object %s, " "returned repr is: %r",
+            type(o),
+            o,
+        )
+        return repr(o)

moulinette/interfaces/cli.py

@@ -1,26 +1,74 @@
 # -*- coding: utf-8 -*-
 
 import os
-import errno
-import getpass
-import argparse
+import sys
 import locale
+import logging
+import argparse
+import tempfile
+from collections import OrderedDict
+from datetime import date, datetime
+from subprocess import call
+
+from moulinette import m18n, Moulinette
+from moulinette.actionsmap import ActionsMap
+from moulinette.core import MoulinetteError, MoulinetteValidationError
+from moulinette.interfaces import (
+    BaseActionsMapParser,
+    ExtendedArgumentParser,
+    JSONExtendedEncoder,
+)
+from moulinette.utils import log
+
+# Monkeypatch _get_action_name function because there is an annoying bug
+# Explained here: https://bugs.python.org/issue29298
+# Fixed by: https://github.com/python/cpython/pull/3680
+# To reproduce the bug, just launch a command line without action
+# For example:
+#       yunohost firewall
+# It should display:
+#       usage: yunohost firewall {list,reload,allow,disallow,upnp,stop} ... [-h]
+#       yunohost firewall: error: the following arguments are required: {list,reload,allow,disallow,upnp,stop}
+# But it display instead:
+#       Error: unable to parse arguments 'firewall' because: sequence item 0: expected str instance, NoneType found
+
+
+def monkey_get_action_name(argument):
+    if argument is None:
+        return None
+    elif argument.option_strings:
+        return "/".join(argument.option_strings)
+    elif argument.metavar not in (None, argparse.SUPPRESS):
+        return argument.metavar
+    elif argument.dest not in (None, argparse.SUPPRESS):
+        return argument.dest
+    elif argument.choices:
+        return "{" + ",".join(argument.choices) + "}"
+    else:
+        return None
+
+
+argparse._get_action_name = monkey_get_action_name
+
+logger = log.getLogger("moulinette.cli")
 
-from moulinette.core import MoulinetteError
-from moulinette.interfaces import (BaseActionsMapParser, BaseInterface)
 
 # CLI helpers ----------------------------------------------------------
 
+CLI_COLOR_TEMPLATE = "\033[{:d}m\033[1m"
+END_CLI_COLOR = "\033[m"
+
 colors_codes = {
-    'red'   : 31,
-    'green' : 32,
-    'yellow': 33,
-    'blue'  : 34,
-    'purple': 35,
-    'cyan'  : 36,
-    'white' : 37
+    "red": CLI_COLOR_TEMPLATE.format(31),
+    "green": CLI_COLOR_TEMPLATE.format(32),
+    "yellow": CLI_COLOR_TEMPLATE.format(33),
+    "blue": CLI_COLOR_TEMPLATE.format(34),
+    "purple": CLI_COLOR_TEMPLATE.format(35),
+    "cyan": CLI_COLOR_TEMPLATE.format(36),
+    "white": CLI_COLOR_TEMPLATE.format(37),
 }
 
+
 def colorize(astr, color):
     """Colorize a string
 
@@ -32,12 +80,79 @@ def colorize(astr, color):
 
     """
     if os.isatty(1):
-        return '\033[{:d}m\033[1m{:s}\033[m'.format(colors_codes[color], astr)
+        return "{:s}{:s}{:s}".format(colors_codes[color], astr, END_CLI_COLOR)
     else:
         return astr
 
+
+def plain_print_dict(d, depth=0):
+    """Print in a plain way a dictionary recursively
+
+    Print a dictionary recursively for scripting usage to the standard output.
+
+    Output formatting:
+      >>> d = {'key': 'value', 'list': [1,2], 'dict': {'key2': 'value2'}}
+      >>> plain_print_dict(d)
+      #key
+      value
+      #list
+      1
+      2
+      #dict
+      ##key2
+      value2
+
+    Keyword arguments:
+        - d -- The dictionary to print
+        - depth -- The recursive depth of the dictionary
+
+    """
+    # skip first key printing
+    if depth == 0 and (isinstance(d, dict) and len(d) == 1):
+        _, d = d.popitem()
+    if isinstance(d, (tuple, set)):
+        d = list(d)
+    if isinstance(d, list):
+        for v in d:
+            plain_print_dict(v, depth + 1)
+    elif isinstance(d, dict):
+        for k, v in d.items():
+            print("{}{}".format("#" * (depth + 1), k))
+            plain_print_dict(v, depth + 1)
+    else:
+        print(d)
+
+
+def pretty_date(_date):
+    """Display a date in the current time zone without ms and tzinfo
+
+    Argument:
+        - date -- The date or datetime to display
+    """
+    import pytz  # Lazy loading, this takes like 3+ sec on a RPi2 ?!
+
+    # Deduce system timezone
+    nowutc = datetime.now(tz=pytz.utc)
+    nowtz = datetime.now()
+    nowtz = nowtz.replace(tzinfo=pytz.utc)
+    offsetHour = nowutc - nowtz
+    offsetHour = int(round(offsetHour.total_seconds() / 3600))
+    localtz = "Etc/GMT%+d" % offsetHour
+
+    # Transform naive date into UTC date
+    if _date.tzinfo is None:
+        _date = _date.replace(tzinfo=pytz.utc)
+
+    # Convert UTC date into system locale date
+    _date = _date.astimezone(pytz.timezone(localtz))
+    if isinstance(_date, datetime):
+        return _date.strftime("%Y-%m-%d %H:%M:%S")
+    else:
+        return _date.strftime("%Y-%m-%d")
+
+
 def pretty_print_dict(d, depth=0):
-    """Print a dictionary recursively
+    """Print in a pretty way a dictionary recursively
 
     Print a dictionary recursively with colors to the standard output.
 
@@ -46,70 +161,164 @@ def pretty_print_dict(d, depth=0):
         - depth -- The recursive depth of the dictionary
 
     """
-    for k,v in sorted(d.items(), key=lambda x: x[0]):
-        k = colorize(str(k), 'purple')
+    keys = d.keys()
+    if not isinstance(d, OrderedDict):
+        keys = sorted(keys)
+    for k in keys:
+        v = d[k]
+        k = colorize(str(k), "purple")
+        if isinstance(v, (tuple, set)):
+            v = list(v)
         if isinstance(v, list) and len(v) == 1:
             v = v[0]
         if isinstance(v, dict):
             print("{:s}{}: ".format("  " * depth, k))
-            pretty_print_dict(v, depth+1)
+            pretty_print_dict(v, depth + 1)
         elif isinstance(v, list):
             print("{:s}{}: ".format("  " * depth, k))
             for key, value in enumerate(v):
                 if isinstance(value, tuple):
-                    pretty_print_dict({value[0]: value[1]}, depth+1)
+                    pretty_print_dict({value[0]: value[1]}, depth + 1)
                 elif isinstance(value, dict):
-                    pretty_print_dict({key: value}, depth+1)
+                    pretty_print_dict({key: value}, depth + 1)
                 else:
-                    if isinstance(value, unicode):
-                        value = value.encode('utf-8')
-                    print("{:s}- {}".format("  " * (depth+1), value))
+                    if isinstance(v, date):
+                        v = pretty_date(v)
+                    print("{:s}- {}".format("  " * (depth + 1), value))
         else:
-            if isinstance(v, unicode):
-                v = v.encode('utf-8')
+            if isinstance(v, date):
+                v = pretty_date(v)
             print("{:s}{}: {}".format("  " * depth, k, v))
 
+
 def get_locale():
-    """Return current user locale"""
-    lang = locale.getdefaultlocale()[0]
+    """Return current user eocale"""
+    try:
+        lang = locale.getdefaultlocale()[0]
+    except Exception:
+        # In some edge case the locale lib fails ...
+        # c.f. https://forum.yunohost.org/t/error-when-trying-to-enter-user-information-in-admin-panel/11390/11
+        lang = os.getenv("LANG")
     if not lang:
-        return ''
+        return ""
     return lang[:2]
 
+
 # CLI Classes Implementation -------------------------------------------
 
+
+class TTYHandler(logging.StreamHandler):
+    """TTY log handler
+
+    A handler class which prints logging records for a tty. The record is
+    neverthemess formatted depending if it is connected to a tty(-like)
+    device.
+    If it's the case, the level name - optionnaly colorized - is prepended
+    to the message and the result is stored in the record as `message_key`
+    attribute. That way, a custom formatter can be defined. The default is
+    to output just the formatted message.
+    Anyway, if the stream is not a tty, just the message is output.
+
+    Note that records with a level higher or equal to WARNING are sent to
+    stderr. Otherwise, they are sent to stdout.
+
+    """
+
+    LEVELS_COLOR = {
+        log.NOTSET: "white",
+        log.DEBUG: "white",
+        log.INFO: "cyan",
+        log.SUCCESS: "green",
+        log.WARNING: "yellow",
+        log.ERROR: "red",
+        log.CRITICAL: "red",
+    }
+
+    def __init__(self, message_key="fmessage"):
+        logging.StreamHandler.__init__(self)
+        self.message_key = message_key
+
+    def format(self, record):
+        """Enhance message with level and colors if supported."""
+        msg = record.getMessage()
+        if self.supports_color():
+            level = ""
+            if self.level <= log.DEBUG:
+                # add level name before message
+                level = "%s " % record.levelname
+            elif record.levelname in ["SUCCESS", "WARNING", "ERROR", "INFO"]:
+                # add translated level name before message
+                level = "%s " % m18n.g(record.levelname.lower())
+            color = self.LEVELS_COLOR.get(record.levelno, "white")
+            msg = "{}{}{}{}".format(colors_codes[color], level, END_CLI_COLOR, msg)
+        if self.formatter:
+            # use user-defined formatter
+            record.__dict__[self.message_key] = msg
+            return self.formatter.format(record)
+        return msg
+
+    def emit(self, record):
+        # set proper stream first
+        if record.levelno >= log.WARNING:
+            self.stream = sys.stderr
+        else:
+            self.stream = sys.stdout
+        logging.StreamHandler.emit(self, record)
+
+    def supports_color(self):
+        """Check whether current stream supports color."""
+        if hasattr(self.stream, "isatty") and self.stream.isatty():
+            return True
+        return False
+
+
 class ActionsMapParser(BaseActionsMapParser):
     """Actions map's Parser for the CLI
 
     Provide actions map parsing methods for a CLI usage. The parser for
-    the arguments is represented by a argparse.ArgumentParser object.
+    the arguments is represented by a ExtendedArgumentParser object.
 
     Keyword arguments:
-        - parser -- The argparse.ArgumentParser object to use
+        - parser -- The ExtendedArgumentParser object to use
+        - subparser_kwargs -- Arguments to pass to the sub-parser group
+        - top_parser -- An ArgumentParser object whose arguments should
+            be take into account but not parsed
 
     """
-    def __init__(self, parent=None, parser=None):
+
+    def __init__(
+        self, parent=None, parser=None, subparser_kwargs=None, top_parser=None
+    ):
         super(ActionsMapParser, self).__init__(parent)
 
-        self._parser = parser or argparse.ArgumentParser()
-        self._subparsers = self._parser.add_subparsers()
+        if subparser_kwargs is None:
+            subparser_kwargs = {"title": "categories", "required": False}
+        self._parser = parser or ExtendedArgumentParser()
+        self._subparsers = self._parser.add_subparsers(**subparser_kwargs)
+        self.global_parser = parent.global_parser if parent else None
 
+        if top_parser:
+            self.global_parser = self._parser.add_argument_group("global arguments")
 
-    ## Implement virtual properties
+            # Append each top parser action to the global group
+            for action in top_parser._actions:
+                action.dest = argparse.SUPPRESS
+                self.global_parser._add_action(action)
 
-    interface = 'cli'
+    # Implement virtual properties
 
+    interface = "cli"
 
-    ## Implement virtual methods
+    # Implement virtual methods
 
     @staticmethod
     def format_arg_names(name, full):
-        if name[0] == '-' and full:
+        if name.startswith("-") and full:
             return [name, full]
         return [name]
 
-    def add_global_parser(self, **kwargs):
-        return self._parser
+    def has_global_parser(self):
+        return True
 
     def add_category_parser(self, name, category_help=None, **kwargs):
         """Add a parser for a category
@@ -121,44 +330,120 @@ class ActionsMapParser(BaseActionsMapParser):
             A new ActionsMapParser object for the category
 
         """
-        parser = self._subparsers.add_parser(name, help=category_help)
-        return self.__class__(self, parser)
+        parser = self._subparsers.add_parser(
+            name, description=category_help, help=category_help, **kwargs
+        )
+        return self.__class__(
+            parent=self,
+            parser=parser,
+            subparser_kwargs={"title": "subcommands", "required": True},
+        )
 
-    def add_action_parser(self, name, tid, action_help=None, **kwargs):
+    def add_subcategory_parser(self, name, subcategory_help=None, **kwargs):
+        """Add a parser for a subcategory
+
+        Keyword arguments:
+            - subcategory_help -- A brief description for the category
+
+        Returns:
+            A new ActionsMapParser object for the category
+
+        """
+        parser = self._subparsers.add_parser(
+            name,
+            type_="subcategory",
+            description=subcategory_help,
+            help=subcategory_help,
+            **kwargs,
+        )
+        return self.__class__(
+            parent=self,
+            parser=parser,
+            subparser_kwargs={"title": "actions", "required": True},
+        )
+
+    def add_action_parser(
+        self,
+        name,
+        tid,
+        action_help=None,
+        deprecated=False,
+        deprecated_alias=[],
+        hide_in_help=False,
+        **kwargs,
+    ):
         """Add a parser for an action
 
         Keyword arguments:
             - action_help -- A brief description for the action
+            - deprecated -- Wether the action is deprecated
+            - deprecated_alias -- A list of deprecated action alias names
 
         Returns:
-            A new argparse.ArgumentParser object for the action
+            A new ExtendedArgumentParser object for the action
 
         """
-        return self._subparsers.add_parser(name, help=action_help)
+        return self._subparsers.add_parser(
+            name,
+            type_="action",
+            help=action_help,
+            description=action_help,
+            deprecated=deprecated,
+            deprecated_alias=deprecated_alias,
+            hide_in_help=hide_in_help,
+        )
+
+    def auth_method(self, args):
+        ret = self.parse_args(args)
+        tid = getattr(ret, "_tid", [])
+
+        # We go down in the subparser tree until we find the leaf
+        # corresponding to the tid with a defined authentication
+        # (yeah it's a mess because the datastructure is a mess..)
+        _p = self._subparsers
+        for word in tid[1:]:
+            _p = _p.choices[word]
+            if hasattr(_p, "authentication"):
+                return _p.authentication
+            else:
+                _p = _p._actions[1]
+
+        if tid == []:
+            return None
+
+        raise MoulinetteError(f"Authentication undefined for {tid} ?", raw_msg=True)
 
     def parse_args(self, args, **kwargs):
-        ret = self._parser.parse_args(args)
+        try:
+            return self._parser.parse_args(args)
+        except SystemExit:
+            raise
+        except Exception as e:
+            error_message = "unable to parse arguments '{}' because: {}".format(
+                " ".join(args),
+                e,
+            )
+            logger.exception(error_message)
+            raise MoulinetteValidationError(error_message, raw_msg=True)
 
-        if not self.get_conf(ret._tid, 'lock'):
-            os.environ['BYPASS_LOCK'] = 'yes'
+    def want_to_take_lock(self, args):
+        ret = self.parse_args(args)
+        tid = getattr(ret, "_tid", [])
+        if len(tid) == 3:
+            _p = self._subparsers.choices[tid[1]]._actions[1].choices[tid[2]]
+        elif len(tid) == 4:
+            _p = (
+                self._subparsers.choices[tid[1]]
+                ._actions[1]
+                .choices[tid[2]]
+                ._actions[1]
+                .choices[tid[3]]
+            )
 
-        # Perform authentication if needed
-        if self.get_conf(ret._tid, 'authenticate'):
-            auth_conf, klass = self.get_conf(ret._tid, 'authenticator')
-
-            # TODO: Catch errors
-            auth = msignals.authenticate(klass(), **auth_conf)
-            if not auth.is_authenticated:
-                raise MoulinetteError(errno.EACCES,
-                                      m18n.g('authentication_required_long'))
-            if self.get_conf(ret._tid, 'argument_auth') and \
-               self.get_conf(ret._tid, 'authenticate') == 'all':
-                ret.auth = auth
-
-        return ret
+        return getattr(_p, "want_to_take_lock", True)
 
 
-class Interface(BaseInterface):
+class Interface:
     """Command-line Interface for the moulinette
 
     Initialize an interface connected to the standard input/output
@@ -168,19 +453,28 @@ class Interface(BaseInterface):
         - actionsmap -- The ActionsMap instance to connect to
 
     """
-    def __init__(self, actionsmap):
+
+    type = "cli"
+
+    def __init__(
+        self,
+        top_parser=None,
+        load_only_category=None,
+        actionsmap=None,
+        locales_dir=None,
+    ):
         # Set user locale
         m18n.set_locale(get_locale())
 
-        # Connect signals to handlers
-        msignals.set_handler('display', self._do_display)
-        if os.isatty(1):
-            msignals.set_handler('authenticate', self._do_authenticate)
-            msignals.set_handler('prompt', self._do_prompt)
+        self.actionsmap = ActionsMap(
+            actionsmap,
+            ActionsMapParser(top_parser=top_parser),
+            load_only_category=load_only_category,
+        )
 
-        self.actionsmap = actionsmap
+        Moulinette._interface = self
 
-    def run(self, args, print_json=False):
+    def run(self, args, output_as=None, timeout=None):
         """Run the moulinette
 
         Process the action corresponding to the given arguments 'args'
@@ -188,74 +482,147 @@ class Interface(BaseInterface):
 
         Keyword arguments:
             - args -- A list of argument strings
-            - print_json -- True to print result as a JSON encoded string
+            - output_as -- Output result in another format. Possible values:
+                - json: return a JSON encoded string
+                - plain: return a script-readable output
+                - none: do not output the result
+            - timeout -- Number of seconds before this command will timeout because it can't acquire the lock (meaning that another command is currently running), by default there is no timeout and the command will wait until it can get the lock
 
         """
-        try:
-            ret = self.actionsmap.process(args, timeout=5)
-        except KeyboardInterrupt, EOFError:
-            raise MoulinetteError(errno.EINTR, m18n.g('operation_interrupted'))
 
-        if ret is None:
+        if output_as and output_as not in ["json", "plain", "none"]:
+            raise MoulinetteValidationError("invalid_usage")
+
+        if not args:
+            raise MoulinetteValidationError("invalid_usage")
+
+        try:
+            ret = self.actionsmap.process(args, timeout=timeout)
+        except (KeyboardInterrupt, EOFError):
+            raise MoulinetteError("operation_interrupted")
+
+        if ret is None or output_as == "none":
             return
 
         # Format and print result
-        if print_json:
-            import json
-            print(json.dumps(ret))
+        if output_as:
+            if output_as == "json":
+                import json
+
+                print(json.dumps(ret, cls=JSONExtendedEncoder))
+            else:
+                plain_print_dict(ret)
         elif isinstance(ret, dict):
             pretty_print_dict(ret)
         else:
             print(ret)
 
+    def authenticate(self, authenticator):
+        # Hmpf we have no-use case in yunohost anymore where we need to auth
+        # because everything is run as root ...
+        # I guess we could imagine some yunohost-independant use-case where
+        # moulinette is used to create a CLI for non-root user that needs to
+        # auth somehow but hmpf -.-
+        msg = m18n.g("password")
+        credentials = self.prompt(msg, True, False, color="yellow")
+        return authenticator.authenticate_credentials(credentials=credentials)
 
-    ## Signals handlers
-
-    def _do_authenticate(self, authenticator, help):
-        """Process the authentication
-
-        Handle the core.MoulinetteSignals.authenticate signal.
-
-        """
-        # TODO: Allow token authentication?
-        msg = help or m18n.g('password')
-        return authenticator(password=self._do_prompt(msg, True, False,
-                                                      color='yellow'))
-
-    def _do_prompt(self, message, is_password, confirm, color='blue'):
+    def prompt(
+        self,
+        message,
+        is_password=False,
+        confirm=False,
+        color="blue",
+        prefill="",
+        is_multiline=False,
+        autocomplete=[],
+        help=None,
+    ):
         """Prompt for a value
 
-        Handle the core.MoulinetteSignals.prompt signal.
-
         Keyword arguments:
             - color -- The color to use for prompting message
-
         """
-        if is_password:
-            prompt = lambda m: getpass.getpass(colorize(m18n.g('colon', m),
-                                                        color))
-        else:
-            prompt = lambda m: raw_input(colorize(m18n.g('colon', m), color))
-        value = prompt(message)
+
+        if not os.isatty(1):
+            raise MoulinetteError(
+                "Not a tty, can't do interactive prompts", raw_msg=True
+            )
+
+        def _prompt(message):
+            if not is_multiline:
+                import prompt_toolkit
+                from prompt_toolkit.completion import WordCompleter
+                from prompt_toolkit.styles import Style
+
+                autocomplete_ = WordCompleter(autocomplete)
+                style = Style.from_dict(
+                    {
+                        "": "",
+                        "message": f"#ansi{color} bold",
+                    }
+                )
+
+                if help:
+
+                    def bottom_toolbar():
+                        return [("class:", help)]
+
+                else:
+                    bottom_toolbar = None
+
+                colored_message = [
+                    ("class:message", message),
+                    ("class:", ": "),
+                ]
+
+                return prompt_toolkit.prompt(
+                    colored_message,
+                    bottom_toolbar=bottom_toolbar,
+                    style=style,
+                    default=prefill,
+                    completer=autocomplete_,
+                    complete_while_typing=True,
+                    is_password=is_password,
+                )
+
+            else:
+                while True:
+                    value = input(
+                        colorize(m18n.g("edit_text_question", message), color)
+                    )
+                    value = value.lower().strip()
+                    if value in ["", "n", "no"]:
+                        return prefill
+                    elif value in ["y", "yes"]:
+                        break
+
+                initial_message = prefill.encode("utf-8")
+
+                with tempfile.NamedTemporaryFile(suffix=".tmp") as tf:
+                    tf.write(initial_message)
+                    tf.flush()
+                    call(["editor", tf.name])
+                    tf.seek(0)
+                    edited_message = tf.read()
+                return edited_message.decode("utf-8")
+
+        value = _prompt(message)
 
         if confirm:
             m = message[0].lower() + message[1:]
-            if prompt(m18n.g('confirm', m)) != value:
-                raise MoulinetteError(errno.EINVAL, m18n.g('values_mismatch'))
+            if _prompt(m18n.g("confirm", prompt=m)) != value:
+                raise MoulinetteValidationError("values_mismatch")
 
         return value
 
-    def _do_display(self, message, style):
-        """Display a message
-
-        Handle the core.MoulinetteSignals.display signal.
-
-        """
-        if isinstance(message, unicode):
-            message = message.encode('utf-8')
-        if style == 'success':
-            print('{} {}'.format(colorize(m18n.g('success'), 'green'), message))
-        elif style == 'warning':
-            print('{} {}'.format(colorize(m18n.g('warning'), 'yellow'), message))
+    def display(self, message, style="info"):  # i18n: info
+        """Display a message"""
+        if style == "success":
+            print("{} {}".format(colorize(m18n.g("success"), "green"), message))
+        elif style == "warning":
+            print("{} {}".format(colorize(m18n.g("warning"), "yellow"), message))
+        elif style == "error":
+            print("{} {}".format(colorize(m18n.g("error"), "red"), message))
         else:
             print(message)

moulinette/package.py.in

@@ -1,15 +0,0 @@
-# -*- coding: utf-8 -*-
-
-# Public constants defined during build
-
-"""Package's data directory (e.g. /usr/share/moulinette)"""
-datadir = '%PKGDATADIR%'
-
-"""Package's library directory (e.g. /usr/lib/moulinette)"""
-libdir = '%PKGLIBDIR%'
-
-"""Locale directory for the package (e.g. /usr/share/moulinette/locale)"""
-localedir = '%PKGLOCALEDIR%'
-
-"""Cache directory for the package (e.g. /var/cache/moulinette)"""
-cachedir = '%PKGCACHEDIR%'

moulinette/utils/filesystem.py

@@ -0,0 +1,374 @@
+import os
+import yaml
+import toml
+import errno
+import shutil
+import json
+import grp
+
+from pwd import getpwnam
+from collections import OrderedDict
+
+from moulinette import m18n
+from moulinette.core import MoulinetteError
+
+# Files & directories --------------------------------------------------
+
+
+def read_file(file_path, file_mode="r"):
+    """
+    Read a regular text file
+
+    Keyword argument:
+        file_path -- Path to the text file
+    """
+    assert isinstance(
+        file_path, str
+    ), "Error: file_path '{}' should be a string but is of type '{}' instead".format(
+        file_path,
+        type(file_path),
+    )
+
+    # Check file exists
+    if not os.path.isfile(file_path):
+        raise MoulinetteError("file_not_exist", path=file_path)
+
+    # Open file and read content
+    try:
+        with open(file_path, file_mode) as f:
+            file_content = f.read()
+    except IOError as e:
+        raise MoulinetteError("cannot_open_file", file=file_path, error=str(e))
+    except Exception as e:
+        raise MoulinetteError(
+            "unknown_error_reading_file", file=file_path, error=str(e)
+        )
+
+    return file_content
+
+
+def read_json(file_path):
+    """
+    Read a json file
+
+    Keyword argument:
+        file_path -- Path to the json file
+    """
+
+    # Read file
+    file_content = read_file(file_path)
+
+    # Try to load json to check if it's syntaxically correct
+    try:
+        loaded_json = json.loads(file_content)
+    except ValueError as e:
+        raise MoulinetteError("corrupted_json", ressource=file_path, error=str(e))
+
+    return loaded_json
+
+
+def read_yaml(file_):
+    """
+    Safely read a yaml file
+
+    Keyword argument:
+        file -- Path or stream to the yaml file
+    """
+
+    # Read file
+    file_path = file_ if isinstance(file_, str) else file_.name
+    file_content = read_file(file_) if isinstance(file_, str) else file_
+
+    # Try to load yaml to check if it's syntaxically correct
+    try:
+        loaded_yaml = yaml.safe_load(file_content)
+    except Exception as e:
+        raise MoulinetteError("corrupted_yaml", ressource=file_path, error=str(e))
+
+    return loaded_yaml
+
+
+def read_toml(file_path):
+    """
+    Safely read a toml file
+
+    Keyword argument:
+        file_path -- Path to the toml file
+    """
+
+    # Read file
+    file_content = read_file(file_path)
+
+    # Try to load toml to check if it's syntactically correct
+    try:
+        loaded_toml = toml.loads(file_content, _dict=OrderedDict)
+    except Exception as e:
+        raise MoulinetteError("corrupted_toml", ressource=file_path, error=str(e))
+
+    return loaded_toml
+
+
+def write_to_file(file_path, data, file_mode="w"):
+    """
+    Write a single string or a list of string to a text file.
+    The text file will be overwritten by default.
+
+    Keyword argument:
+        file_path -- Path to the output file
+        data -- The data to write (must be a string or list of string)
+        file_mode -- Mode used when writing the file. Option meant to be used
+        by append_to_file to avoid duplicating the code of this function.
+    """
+    assert (
+        isinstance(data, str) or isinstance(data, bytes) or isinstance(data, list)
+    ), "Error: data '{}' should be either a string or a list but is of type '{}'".format(
+        data,
+        type(data),
+    )
+    assert not os.path.isdir(file_path), (
+        "Error: file_path '%s' point to a dir, it should be a file" % file_path
+    )
+    assert os.path.isdir(
+        os.path.dirname(file_path)
+    ), "Error: the path ('{}') base dir ('{}') is not a dir".format(
+        file_path,
+        os.path.dirname(file_path),
+    )
+
+    # If data is a list, check elements are strings and build a single string
+    if isinstance(data, list):
+        for element in data:
+            assert isinstance(
+                element, str
+            ), "Error: element '{}' should be a string but is of type '{}' instead".format(
+                element,
+                type(element),
+            )
+        data = "\n".join(data)
+
+    try:
+        with open(file_path, file_mode) as f:
+            f.write(data)
+    except IOError as e:
+        raise MoulinetteError("cannot_write_file", file=file_path, error=str(e))
+    except Exception as e:
+        raise MoulinetteError("error_writing_file", file=file_path, error=str(e))
+
+
+def append_to_file(file_path, data):
+    """
+    Append a single string or a list of string to a text file.
+
+    Keyword argument:
+        file_path -- Path to the output file
+        data -- The data to write (must be a string or list of string)
+    """
+
+    write_to_file(file_path, data, file_mode="a")
+
+
+def write_to_json(file_path, data, sort_keys=False, indent=None):
+    """
+    Write a dictionnary or a list to a json file
+
+    Keyword argument:
+        file_path -- Path to the output json file
+        data -- The data to write (must be a dict or a list)
+    """
+
+    # Assumptions
+    assert isinstance(
+        file_path, str
+    ), "Error: file_path '{}' should be a string but is of type '{}' instead".format(
+        file_path,
+        type(file_path),
+    )
+    assert isinstance(data, dict) or isinstance(
+        data, list
+    ), "Error: data '{}' should be a dict or a list but is of type '{}' instead".format(
+        data,
+        type(data),
+    )
+    assert not os.path.isdir(file_path), (
+        "Error: file_path '%s' point to a dir, it should be a file" % file_path
+    )
+    assert os.path.isdir(
+        os.path.dirname(file_path)
+    ), "Error: the path ('{}') base dir ('{}') is not a dir".format(
+        file_path,
+        os.path.dirname(file_path),
+    )
+
+    # Write dict to file
+    try:
+        with open(file_path, "w") as f:
+            json.dump(data, f, sort_keys=sort_keys, indent=indent)
+    except IOError as e:
+        raise MoulinetteError("cannot_write_file", file=file_path, error=str(e))
+    except Exception as e:
+        raise MoulinetteError("error_writing_file", file=file_path, error=str(e))
+
+
+def write_to_yaml(file_path, data):
+    """
+    Write a dictionnary or a list to a yaml file
+
+    Keyword argument:
+        file_path -- Path to the output yaml file
+        data -- The data to write (must be a dict or a list)
+    """
+    # Assumptions
+    assert isinstance(file_path, str)
+    assert isinstance(data, dict) or isinstance(data, list)
+    assert not os.path.isdir(file_path)
+    assert os.path.isdir(os.path.dirname(file_path))
+
+    # Write dict to file
+    try:
+        with open(file_path, "w") as f:
+            yaml.safe_dump(data, f, default_flow_style=False)
+    except IOError as e:
+        raise MoulinetteError("cannot_write_file", file=file_path, error=str(e))
+    except Exception as e:
+        raise MoulinetteError("error_writing_file", file=file_path, error=str(e))
+
+
+def mkdir(path, mode=0o0777, parents=False, uid=None, gid=None, force=False):
+    """Create a directory with optional features
+
+    Create a directory and optionaly set its permissions to mode and its
+    owner and/or group. If path refers to an existing path, nothing is done
+    unless force is True.
+
+    Keyword arguments:
+        - path -- The directory to create
+        - mode -- Numeric path mode to set
+        - parents -- Make parent directories as needed
+        - uid -- Numeric uid or user name
+        - gid -- Numeric gid or group name
+        - force -- Force directory creation and owning even if the path exists
+
+    """
+    if os.path.exists(path) and not force:
+        raise OSError(errno.EEXIST, m18n.g("folder_exists", path=path))
+
+    if parents:
+        # Create parents directories as needed
+        head, tail = os.path.split(path)
+        if not tail:
+            head, tail = os.path.split(head)
+        if head and tail and not os.path.exists(head):
+            try:
+                mkdir(head, mode, parents, uid, gid, force)
+            except OSError as e:
+                if e.errno != errno.EEXIST:
+                    raise
+            if tail == os.curdir:
+                return
+
+    # Create directory and set permissions
+    try:
+        oldmask = os.umask(000)
+        os.mkdir(path, mode)
+        os.umask(oldmask)
+    except OSError:
+        # mimic Python3.2+ os.makedirs exist_ok behaviour
+        if not force or not os.path.isdir(path):
+            raise
+
+    if uid is not None or gid is not None:
+        chown(path, uid, gid)
+
+
+def chown(path, uid=None, gid=None, recursive=False):
+    """Change the owner and/or group of a path
+
+    Keyword arguments:
+        - uid -- Numeric uid or user name
+        - gid -- Numeric gid or group name
+        - recursive -- Operate on path recursively
+
+    """
+    if uid is None and gid is None:
+        raise ValueError("either uid or gid argument is required")
+
+    # Retrieve uid/gid
+    if isinstance(uid, str):
+        try:
+            uid = getpwnam(uid).pw_uid
+        except KeyError:
+            raise MoulinetteError("unknown_user", user=uid)
+    elif uid is None:
+        uid = -1
+    if isinstance(gid, str):
+        try:
+            gid = grp.getgrnam(gid).gr_gid
+        except KeyError:
+            raise MoulinetteError("unknown_group", group=gid)
+    elif gid is None:
+        gid = -1
+
+    try:
+        os.chown(path, uid, gid)
+        if recursive and os.path.isdir(path):
+            for root, dirs, files in os.walk(path):
+                for d in dirs:
+                    os.chown(os.path.join(root, d), uid, gid)
+                for f in files:
+                    os.chown(os.path.join(root, f), uid, gid)
+    except Exception as e:
+        raise MoulinetteError(
+            "error_changing_file_permissions", path=path, error=str(e)
+        )
+
+
+def chmod(path, mode, fmode=None, recursive=False):
+    """Change the mode of a path
+
+    Keyword arguments:
+        - mode -- Numeric path mode to set
+        - fmode -- Numeric file mode to set in case of a recursive directory
+        - recursive -- Operate on path recursively
+
+    """
+
+    try:
+        os.chmod(path, mode)
+        if recursive and os.path.isdir(path):
+            if fmode is None:
+                fmode = mode
+            for root, dirs, files in os.walk(path):
+                for d in dirs:
+                    os.chmod(os.path.join(root, d), mode)
+                for f in files:
+                    os.chmod(os.path.join(root, f), fmode)
+    except Exception as e:
+        raise MoulinetteError(
+            "error_changing_file_permissions", path=path, error=str(e)
+        )
+
+
+def rm(path, recursive=False, force=False):
+    """Remove a file or directory
+
+    Keyword arguments:
+        - path -- The path to remove
+        - recursive -- Remove directories and their contents recursively
+        - force -- Ignore nonexistent files
+
+    """
+    if recursive and os.path.isdir(path):
+        shutil.rmtree(path, ignore_errors=force)
+    else:
+        try:
+            os.remove(path)
+        except OSError as e:
+            if not force:
+                raise MoulinetteError("error_removing", path=path, error=str(e))
+
+
+def cp(source, dest, recursive=False, **kwargs):
+    if recursive and os.path.isdir(source):
+        return shutil.copytree(source, dest, symlinks=True, **kwargs)
+    else:
+        return shutil.copy2(source, dest, follow_symlinks=False, **kwargs)

moulinette/utils/log.py

@@ -0,0 +1,196 @@
+import os
+
+# import all constants because other modules try to import them from this
+# module because SUCCESS is defined in this module
+from logging import (
+    addLevelName,
+    setLoggerClass,
+    Logger,
+    getLogger,
+    NOTSET,  # noqa
+    DEBUG,
+    INFO,
+    WARNING,
+    ERROR,
+    CRITICAL,
+)
+
+__all__ = [
+    "NOTSET",  # noqa
+    "DEBUG",
+    "INFO",
+    "WARNING",
+    "ERROR",
+    "CRITICAL",
+    "SUCCESS",
+]
+
+
+# Global configuration and functions -----------------------------------
+
+SUCCESS = 25
+
+DEFAULT_LOGGING = {
+    "version": 1,
+    "disable_existing_loggers": False,
+    "formatters": {
+        "simple": {"format": "%(asctime)-15s %(levelname)-8s %(name)s - %(message)s"},
+    },
+    "handlers": {
+        "console": {
+            "level": "DEBUG",
+            "formatter": "simple",
+            "class": "logging.StreamHandler",
+            "stream": "ext://sys.stdout",
+        },
+    },
+    "loggers": {"moulinette": {"level": "DEBUG", "handlers": ["console"]}},
+}
+
+
+def configure_logging(logging_config=None):
+    """Configure logging with default and optionally given configuration
+
+    Keyword arguments:
+        - logging_config -- A dict containing logging configuration
+
+    """
+    from logging.config import dictConfig
+
+    # add custom logging level and class
+    addLevelName(SUCCESS, "SUCCESS")
+    setLoggerClass(MoulinetteLogger)
+
+    # load configuration from dict
+    dictConfig(DEFAULT_LOGGING)
+    if logging_config:
+        dictConfig(logging_config)
+
+
+def getHandlersByClass(classinfo, limit=0):
+    """Retrieve registered handlers of a given class."""
+
+    from logging import _handlers
+
+    handlers = []
+    for ref in _handlers.itervaluerefs():
+        o = ref()
+        if o is not None and isinstance(o, classinfo):
+            if limit == 1:
+                return o
+            handlers.append(o)
+    if limit != 0 and len(handlers) > limit:
+        return handlers[: limit - 1]
+    return handlers
+
+
+class MoulinetteLogger(Logger):
+    """Custom logger class
+
+    Extend base Logger class to provide the SUCCESS custom log level with
+    a convenient logging method. It also consider an optionnal action_id
+    which corresponds to the associated logged action. It is added to the
+    LogRecord extra and can be used with the ActionFilter.
+
+    """
+
+    action_id = None
+
+    def success(self, msg, *args, **kwargs):
+        """Log 'msg % args' with severity 'SUCCESS'."""
+        if self.isEnabledFor(SUCCESS):
+            self._log(SUCCESS, msg, args, **kwargs)
+
+    def findCaller(self, *args):
+        """Override findCaller method to consider this source file."""
+
+        from logging import currentframe, _srcfile
+
+        f = currentframe()
+        if f is not None:
+            f = f.f_back
+        rv = "(unknown file)", 0, "(unknown function)"
+        while hasattr(f, "f_code"):
+            co = f.f_code
+            filename = os.path.normcase(co.co_filename)
+            if filename == _srcfile or filename == __file__:
+                f = f.f_back
+                continue
+            rv = (co.co_filename, f.f_lineno, co.co_name)
+            break
+        return rv
+
+    def _log(self, *args, **kwargs):
+        """Append action_id if available to the extra."""
+        if self.action_id is not None:
+            extra = kwargs.get("extra", {})
+            if "action_id" not in extra:
+                # FIXME: Get real action_id instead of logger/current one
+                extra["action_id"] = _get_action_id()
+                kwargs["extra"] = extra
+        return super()._log(*args, **kwargs)
+
+
+# Action logging -------------------------------------------------------
+
+pid = os.getpid()
+action_id = 0
+
+
+def _get_action_id():
+    return "%d.%d" % (pid, action_id)
+
+
+def start_action_logging():
+    """Configure logging for a new action
+
+    Returns:
+        The new action id
+
+    """
+    global action_id
+    action_id += 1
+
+    return _get_action_id()
+
+
+def getActionLogger(name=None, logger=None, action_id=None):
+    """Get the logger adapter for an action
+
+    Return a logger for the specified name - or use given logger - and
+    optionally for a given action id, retrieving it if necessary.
+
+    Either a name or a logger must be specified.
+
+    """
+    if not name and not logger:
+        raise ValueError("Either a name or a logger must be specified")
+
+    logger = logger or getLogger(name)
+    logger.action_id = action_id if action_id else _get_action_id()
+    return logger
+
+
+class ActionFilter:
+    """Extend log record for an optionnal action
+
+    Filter a given record and look for an `action_id` key. If it is not found
+    and `strict` is True, the record will not be logged. Otherwise, the key
+    specified by `message_key` will be added to the record, containing the
+    message formatted for the action or just the original one.
+
+    """
+
+    def __init__(self, message_key="fmessage", strict=False):
+        self.message_key = message_key
+        self.strict = strict
+
+    def filter(self, record):
+        msg = record.getMessage()
+        action_id = record.__dict__.get("action_id", None)
+        if action_id is not None:
+            msg = "[{:s}] {:s}".format(action_id, msg)
+        elif self.strict:
+            return False
+        record.__dict__[self.message_key] = msg
+        return True

moulinette/utils/network.py

@@ -0,0 +1,64 @@
+import json
+
+from moulinette.core import MoulinetteError
+
+
+def download_text(url, timeout=30, expected_status_code=200):
+    """
+    Download text from a url and returns the raw text
+
+    Keyword argument:
+        url -- The url to download the data from
+        timeout -- Number of seconds allowed for download to effectively start
+        before giving up
+        expected_status_code -- Status code expected from the request. Can be
+        None to ignore the status code.
+    """
+    import requests  # lazy loading this module for performance reasons
+
+    # Assumptions
+    assert isinstance(url, str)
+
+    # Download file
+    try:
+        r = requests.get(url, timeout=timeout)
+    # SSL exceptions
+    except requests.exceptions.SSLError:
+        raise MoulinetteError("download_ssl_error", url=url)
+    # Invalid URL
+    except requests.exceptions.ConnectionError:
+        raise MoulinetteError("invalid_url", url=url)
+    # Timeout exceptions
+    except requests.exceptions.Timeout:
+        raise MoulinetteError("download_timeout", url=url)
+    # Unknown stuff
+    except Exception as e:
+        raise MoulinetteError("download_unknown_error", url=url, error=str(e))
+    # Assume error if status code is not 200 (OK)
+    if expected_status_code is not None and r.status_code != expected_status_code:
+        raise MoulinetteError(
+            "download_bad_status_code", url=url, code=str(r.status_code)
+        )
+
+    return r.text
+
+
+def download_json(url, timeout=30, expected_status_code=200):
+    """
+    Download json from a url and returns the loaded json object
+
+    Keyword argument:
+        url -- The url to download the data from
+        timeout -- Number of seconds allowed for download to effectively start
+        before giving up
+    """
+    # Fetch the data
+    text = download_text(url, timeout, expected_status_code)
+
+    # Try to load json to check if it's syntaxically correct
+    try:
+        loaded_json = json.loads(text)
+    except ValueError as e:
+        raise MoulinetteError("corrupted_json", ressource=url, error=str(e))
+
+    return loaded_json