3-March-2021

Attending

Chris Hyzer, Penn, Chair
Shilen Patel, Duke
Chad Redman, University of North Carolina Chapel Hill
Carey Black, the Ohio State University
Vivek Sachdiva, independent
Emily Eisbruch, Internet2

Discussion

https://internet2.edu/community/about-us/policies/internet2-intellectual-property-policy/
Approve minutes
Review AIs Grouper Project Action Items (Google Doc)
Agenda bash

New Action Items

AI Chris better explain prefixed lines from GSH script
AI Chad will follow up on Grouper Demo Site Access issue and suggest he try social credentials for access to demo
AI Chad add info to the Grouper wiki on OpenShift

High Level plan for Grouper over next 6 months

Where we are now:
- Over last 2 weeks did U of Ariz syncing Grouper work
- Internet2 is OK with the COmanage to Grouper GSH Interface
- Internet2 template is implemented
- They call if from Web services
- Vivek working on UI and templates
- People can soon start kicking tires
- New wiki on Security and GSH templates Grouper GSH template wizard security
- Potential contest: if community member finds an issue, they get a gift card
- Team needs to review
- Focus on provisioning again
- U Michigan wants to get to work on this
- Shilen working on performance
- Goal , All provisioners converted and load tested in next few months
- Need to work on diagnostics and large logs
- Nothing else major for Grouper 2.5
- Migration script for new subject source strategy
- To edit in UI
- Workflow, reports, configured w attributes on groups
- Won’t have a lot
- So perhaps refactor
- Config file approach w wizard
- Custom UI and workflow, more wizardy interface versus JSON config approach
- Hopefully not too big a lift
- So done in 3 to 4 months
- Then work on JIRAs for a month, to stabilize
Looking ahead:
- Get things stable and work on Grouper 2.6
- Database needs too much space
- App servers need too much memory
- A few performance issues
- Look at database, pare down for Grouper 2.6
- Do some proof of concepts
- Unicon is contributing code where CAS and Shib can run from server filter
- Get that running and then remove Apache and just have tomcat
- Working w SCIM for provisioning
- Mock SCIM provisioning
- Implement in web services layer
- Replace the Penn State SCIM server
- Then go to Tomcat instead of TOMEE
- Move to Grouper 3.0?
- For Grouper 3.0 look at database
- The way audits are stored in database is not efficient
- More towards performance,
- Must have a migration path and support existing queries
- Suggestion: redo the UI and make it better
- Half screen is blank for provisioning
- Must be centered and have certain number of pixels
- Move menu to left
- Maybe just move outer frame
- One template page to change?
- High Level view for Grouper work for next 6 months
- Reports and workflow and custom UIs, use more central wizard
- Then work on JIRAs
- Next 2.6 or 3.0 , focus on performance, pare down container
- Some improvements to Grouper UI
- Carey: database performance is high priority
- See what ehCache is doing , there is chaining
- Working on UI is good idea
- Expensive operation should show progress it’s making
- Rather than just showing spin
- For imports this works?
- For composite, or adding a member, can take a long time
- Hard to do automatic, must kick off in a thread,
- There will be some code to implement that,
- Composites and folder delete
- Carey: Even import function can timeout , with large sets of data
- Browser session gets interrupted
- Duke running into database images
- Long UUIDs might be part of the problem
- Hope to make migration not too difficult
- Primary and foreign keys, can add while current system is working
- Then Cut over
- Imagine split out priv from membership table
- UUIDs hard codes for links could be impacted
- Chris thinking UUID would still exist, but it would be a 16 byte instead of a string
- Problem in tying into tables
- Using views should work
- Container life cycle
- Carey: Upgrade to next container, then if I need to backtrack
- Would be great to be both forward and backward compatible
- Chris: probably not with 2.0 to 3.0
- Probably not with 2.5 to 3.0
- Database performance issues, changing from varcar? to blob
- Might help
- Auditing is too large a table now, needs more indexing
- Creating a group loops thru all the object types and parent folders
- Lots of java function calls that are not database calls
- Hard to pinpoint one thing for performance
- Changing IDs to Bytes and not using them as foreign keys
- Vivek: ideas presented make sense: using screen better, addressing database issues
- Library upgrades, use new version of Hibernate
- Security updates for library

JIRAs Process

Participate in JIRA process, but the community is not very involved
Perhaps the team should promote the JIRA usage more
Clean up old JIRAs
Good idea
Could integrate JIRA with Grouper Slack

CURRENT WORK

Vivek

GSH templates Confluence Mobile

https://spaces.at.internet2.edu/display/Grouper/Grouper+custom+template+via+GSH+Internet2+example
https://spaces.at.internet2.edu/display/Grouper/Grouper+GSH+template+wizard+security
UI and cleaning up WS
Web services has ACT AS
Internet2 use case from COmange needs credential
So only has credential for that template
Run GSH from UI in controlled way
Help text needs review
There are drop down options
There are Showing mode options
Think about adding sub menus later
Menu underneath “More Actions” ?
Indexing feature
Chad: why use UUIDs instead of group names? Chris: will go through this
Carey: Looks good, helpful feature
Good work Vivek!
Chris and Vivek will discuss getting this into a release
Please review the security https://spaces.at.internet2.edu/display/Grouper/Grouper+GSH+template+wizard+security
Script will take whatever script you specify,
Will dynamically write your inputs plus built ins
Validation happens and if it fails, script won’t be run
Need best practices to stop from executing dynamically in certain cases
Prefixed lines from GSH script might need better explanation
AI Chris better explain prefixed lines from GSH script
Start w builder class and write UI around that
JIRA to consolidate so UI will call correctly and logic in one place
Another example: assigning attributes, code is not easy to use.

Chris:

Working on the syncing of Groupers

U of Arizona is using this
Nice if loader logs could hold more than 4K

Shilen:

Working on Propagation
thru full and incremental sync of provisioner
When a group or folder gets created or updated, the incremental will get all the parent folders to see if an indirect assignment should be added.
Looks at attribute assign value add and delete
If have a folder with 1000 groups under it and it’s a direct assign and provisioning changes…. Children may need to be recalculated or attributes updated. Can result in 1000 additional,
Hope to wrap up this work next week

Chad:

Still need to work on Azure testing
So it works the way current change log provisioner works
Need to look at the metadata
Different types of groups
Grouper is working on OpenShift in non prod environment at UNC
If running Apache things are easier
Need to document best practice for building and deploying
Add this to the wiki
AI Chad add info to the Grouper wiki on OpenShift
Lightweight profile for Groovy, Chad added to GSH text??,
Will add to wiki

Issue Roundup

Grouper Emails in past two weeks

[grouper-users] Grouper demo site?, Takeshi Nishimura, 03/01/2021

Re: [grouper-users] Grouper demo site?, Olivier Salaün, 03/01/2021
- Re: [grouper-users] Grouper demo site?, Olivier Salaün, 03/02/2021
- Re: [grouper-users] Grouper demo site?, Takeshi Nishimura, 03/02/2021
- MDQ, no discovery feed, switched to flat file, Chad working on this
- Edugain issue
- AI Chad will follow up on Grouper Demo Site Access issue and suggest he try social credentials for logging into Grouper Demo