Grouper Call of May 22, 2024

Attending 

  • Chris Hyzer, Penn, Chair
  • Vivek Sachdiva, independent
  • Shilen Patel, Duke
  • Carey Black, Purdue
  • Gail Lift, University of Michigan
  • Liam Hoekenga, University of Michigan
  • Bert Bee Lindgren, GA Tech
  • Henry Hyzer, intern
  • Emily Eisbruch, Independent


DISCUSSION


Administrivia



InCommon Basecamp is June 3-7, 2024 (online only)

Internet2 Technology Exchange 2024 is in Boston Dec 9-13

Current Work

Vivek

SCIM based provisioning

  • enhancing and making it compatible with Service Now
  • Bring attributes, user data into Grouper
  • Goal is to be able to have arbitrary SCIM attributes for groups and entities
  • Can be extended attributes in SCIM schema or custom schemas
  • If you have objects or sub objects and can get attribute value, than you can have an EL expression of an attribute name, JSON pointer
  • Grouper util can take a JSON pointer and read from a JSON representation and create whatever objects are needed if they don’t exist
  • Now we need to be able to provision that
  • Challenge with service now case: value of custom attributes are pointers to other IDs in service Now.  We have 2 tables: user table and attribute table

  • Also Michael G requested a SCIM enhancement for GitHub


Rules

    • When you create rules and reference other objects, there are issues around permissions
    • Complex criteria, many scenarios
    • For example, One criteria for Ref Group, another criteria for Basis Group
    • If you click to edit a rule, what should happen?
    • Progress: when you are editing a rule, you can see what objects are being referred to. But you might not be able to edit the rule if you don’t have the right permission
    • Need inherited read permission
    • Now there is an inherited privilege finder
    • Does this wiki need updating ? https://spaces.at.internet2.edu/display/Grouper/Grouper+rules+privileges+inheritance+on+UI



Shilen

  • Worked on performance, along with Chris
  • 1 converted some data structures to use arrays instead of sets
  • 2 Reduce memory usage for duplicated strings 
  • 3 Re-use objects provisioning group and provisioning entity
  • The changes have resulted in big improvements in memory needed for large scale provisioning to LDAP
  • Question: what about looking at database interactions?
  • Chris Hyzer: this work mostly focused on memory and issue of daemons that crash, but we are interested in database interactions

Harry

  • Working on proof of concept for Swagger
  • Goal is to make web services easier to use
  • Question: will this be extensible?
  • Answer: not super easy, hard to find where the Swagger parameters go
  • U Mich is going to start using web services
  • Making a postman collection of the various Grouper web services
  • Using free version of postman
  • Intent to contribute that
  •  OpenAPI 
  • Postman website has instructions  on importing Swagger into postman
  • Can update the wiki to let users know   is Swagger is being used
  • Will have something on the demo server showing Swagger
  • Config for web service URL, Harry may work on this
  • Harry and Chris will Explore Swagger Code Gen


Chris

  • Looking at programmatically using Grouper interface  
  • No success so far with  Selenium or headless Chrome. 
  •  Looking at playright.  https://playwright.dev/   Microsoft open source. Higher level than Selenium
  • Installed https://playwright.dev/ on POM
  • It dynamically downloads what is needed
  • You can record and run scripts 
  • Recording window generates code
  • Need to look at different parts of the UI we want to interact with
  • Adjust attributes in HTML
  • Put indicator of where attribute is on the page
  • This helps with scripting
  • Changes to the UI and coming up with library of these methods
  • Then as we make adjustments we can adjust the methods
  • Suggestion to have image released with playright and an image released without https://playwright.dev/
  • Using same container?
  • Comment: Suggestion for Groovy script
  •   Don’t want to have this https://playwright.dev/ pluggable library  with every image
  •  Make it OSGI?
  • Concern about Grouper UI evolving and changing input field
  • Change UI to add HTML attributes to make it easier to use this tool
  • Discuss more on InCommon Slack
  • Options:
    • 1. Add https://playwright.dev/ in
    • 2. Make it like an OSGI sidecar module
    • 3. Have multiple containers
    • 4. Don’t add it, but provide instructions on how you can add it


Grouper Instrumentation

  • Grouper Instrumentation is a priority
  • Report back from Grouper to a central collector
  • On what features of Grouper are being used
  • We have a starting point but need to make progress


Grouper Documentation (possible intern task)

  • Make every UI screen have an opportunity for a wiki doc about it
  • Also opportunity for local doc on that screen
  • You click help and get choice of wiki doc or your institutions link
  • Task: Go thru UI and implement this approach
  • Perhaps the Grouper doc team can help
  • Versioning is a concern
  • Issue: You click on HELP and get doc for version that is different from the one your institution is using

ABAC

  • issue in ABAC Not all rows returned by data provider are represented in Grouper
  • In JEXL scripted groups for ABAC the syntax now allows you to have an inlist thing.
  • You don’t have to say what attribute equals
  • Changes Chris Hyzer just made:
  • Keys to row: use minimum number of columns
  • Key values were not allowed to be duplicates and key values were not allowed to be null
  • Now you can have keys that are null
  • Will convert to ISNULL for the database
  • Grouper v5 new version will be released soon

Chad

    • Made progress on converting container build from installer (java) to scripted container build. Works in V5.  Hope to not change the installer too much going forward.  
  • AI Chad will send a pointer to Chris Hyzer for the work on converting container build from installer to scripted container build


Issue Roundup

JIRAs

Wiki updates



Next Grouper Call:  Wed. June 5, 2024

-----

 

 

  • No labels