Grouper Call of March 13, 2024
Attending
- Chris Hyzer, Penn, Chair
- Chad Redmond, Unicon
- Jim Beard, Unicon
- Vivek Sachdiva, independent
- Shilen Patel, Duke
- Carey Black, Purdue
Liam Hoekenga, UMich
- Gail Lift, UMich
Kellen Murphy, Univ of Virginia
- Chris Hubing, Internet2
Drew Aschenbrener, Internet2
- Emily Eisbruch, Internet2
This Grouper call was 30 minutes long, instead of the usual 90 minutes, due to Grouper training.
Administrivia
InCommon Basecamp is June 3-7, 2024 (online only)
- https://incommon.org/academy/camp-meetings/basecamp/
- Chris Hyzer is doing an advanced Grouper presentation
- We need a speaker(s) for this, anyone interested:
- If you are interested, please contact Chris Hubing
- Perhaps use slide deck from last year
- Hoping for a community member to present, not Internet2 staff
Foundations in Access & Grouping - Thursday, June 6 @ 12:15 - 1:00 pm ET Join this session for an exploration of Access & Grouping in higher education, where we unpack the business concept and practical applications. Learn key terms such as access, groups, and roles, and discover basic and complex workflows for managing access permissions and group memberships. Gain insights into different access architectures and real-world examples of implementation within universities. Learning Objectives for the Attendees: 1) Understand access & grouping in context of the reference architecture + key terms including roles, role-based access, and attribute-based access 2) See basic workflows for adding individuals to groups in higher education settings, highlighting membership management processes. 3) Understand how to navigate more complex workflows involving group calculations, demonstrating advanced access management techniques. 4) See/understand basic access architectures commonly found in higher ed, providing context for implementing access and grouping concepts effectively 5) Get insights into grouping and authorization strategies in a hybrid cloud environment (e.g. local directory + Azure/AWS/GCP) |
Grouper Training is ongoing this week (March 12-15, 2024) https://incommon.org/academy/grouper-school/
Current Work
Vivek
- Rules screen is done
- Vivek and Chris will work together on rules screens to finalize
- Chad found issue w Grouper provisioner, now fixed
- If not selecting all groups and entities from a membership object provisioner (google) and someone added a user or membership at target, Grouper was not able to link back to the right group
- Now working on deleting folders should also delete rules, this is in progress
https://todos.internet2.edu/browse/GRP-5336 (when deleting groups/folders, check for rules, and let user know, and delete those rules too)
Shilen
- Wrapped up switch from maintenance job to other jobs
- https://todos.internet2.edu/browse/GRP-5331 Convert grouperReport MAINTENANCE job to OTHER_JOB
- https://todos.internet2.edu/browse/GRP-5346 Convert group sync (another Grouper) MAINTENANCE jobs to OTHER_JOB
- Now when you go to UI for new composite change log, sub jobs will show automatically
- https://todos.internet2.edu/browse/GRP-5333
- Shilen will look at when to update last job status on the daemon job screen
Chris
- Chris and Chad working on Grouper Training, happening this week
- Two new training modules on ABAC are being presented
- Hope to go thru read only / view only sysadmin groups to be sure they have access they need
- Logging issues in v5
- Used to log to pipes
- Didn’t totally switch over
- If you get latest Grouper v 5.8.6 (not yet announced) the tomcat logs will go to standard error,
- If logging to files it won’t go to standard errors unless you turn that on
Cert path issue got fixed
This feature was requested by Bert and added: Grouper GSH script daemon loader from Google sheet
- In latest Grouper v4, there are no known issues
- Grouper v5 is pretty stable
Issue Round Up
JIRAS in past 2 weeks
- GRP-5364
allow read-only users to have full access to grouper - GRP-5363
add attribute options for findGroups in grouper client
GRP-5362
make the app template key and friendly name consistent with groups
GRP-5361
NPE trying to view "Unresolvable subjects" in the UI.
GRP-5360
clarify this provisioning setting in ui: deleteValueIfManagedByGrouper
GRP-5359
add option in container to GROUPER_LOG_TO_STDERR and all logs to go stderr
GRP-5358
default self signed tomcat cert in v5 should be /opt/container_files/certs/client/localhost.pem
GRP-5357
if not logging to pipes, the tomcat catalina logs should go to stderr
GRP-5356
Memberships created in target without Grouper (for membershipObject type provisioners aka not ldap) will not get deleted even if grouper is authoritative for memberships (in tracked groups only)
GRP-5355
GroupSave (and likely other APIs) should support local "default" behaviour overrides in the Grouper config set
GRP-5354
give a friendly error when setting up composites wrong
GRP-5353
make new test method for google with select entities false and select groups false
GRP-5352
google mock service should fetch individual users by email address
GRP-5351
Keep a reference to the current session so it doesnt disappear
GRP-5350
No open grouper session right after creating one
GRP-5349
Google mock service can't fetch an individual group
GRP-5348
make google api commands methods for arbitrary calls public
GRP-5347
GrouperLoader.runOnceByJobName should run long running jobs once only if running without daemon
GRP-5346
Convert group sync (another Grouper) MAINTENANCE jobs to OTHER_JOB
GRP-5345
allow v2 abac templates
GRP-5344
allow abac type templates to be shown on any grou
Grouper Wiki Updates
- v4 Upgrade instructions from v4
- Grouper Training Environment
- Grouper Training Environment developer notes
- Grouper Web Services
- v5 Upgrade Instructions from v4
- Grouper container documentation for v2.5
- v5 Release Notes
- Executive Summary
- Grouper Packaging and Versioning
- Grouper UIs
- Grouper Book - Monitoring and Reporting
- Grouper smtp external system
- Grouper daemon "other job" to run a script
- Grouper GSH change log consumer
- Grouper membership eligibility requirements
- Grouper GSH script daemon loader from Google sheet
- Grouper ABAC Crashplan deprovisioning example
- Grouper rules
- Composite changes
- Grouper Product Roadmap
Next Grouper Call: Wed. March 27, 2024