Attending
- Chris Hyzer, Penn, Chair
- Shilen Patel, Duke
- Chad Redman, University of North Carolina Chapel Hill
- Carey Black, the Ohio State University
- Vivek Sachdiva, independent
- Emily Eisbruch, Internet2
Discussion
- https://internet2.edu/community/about-us/policies/internet2-intellectual-property-policy/
- Approve minutes
- Review AIs Grouper Project Action Items (Google Doc)
- Agenda bash
New Action Items
- AI Chris better explain prefixed lines from GSH script
- AI Chad will follow up on Grouper Demo Site Access issue and suggest he try social credentials for access to demo
- AI Chad add info to the Grouper wiki on OpenShift
High Level plan for Grouper over next 6 months
- Where we are now:
- Over last 2 weeks did U of Ariz syncing Grouper work
- Internet2 is OK with the COmanage to Grouper GSH Interface
- Internet2 template is implemented
- They call if from Web services
- Vivek working on UI and templates
- People can soon start kicking tires
- New wiki on Security and GSH templates Grouper GSH template wizard security
- Potential contest: if community member finds an issue, they get a gift card
- Team needs to review
- Focus on provisioning again
- U Michigan wants to get to work on this
- Shilen working on performance
- Goal , All provisioners converted and load tested in next few months
- Need to work on diagnostics and large logs
- Nothing else major for Grouper 2.5
- Migration script for new subject source strategy
- To edit in UI
- Workflow, reports, configured w attributes on groups
- Won’t have a lot
- So perhaps refactor
- Config file approach w wizard
- Custom UI and workflow, more wizardy interface versus JSON config approach
- Hopefully not too big a lift
- So done in 3 to 4 months
- Then work on JIRAs for a month, to stabilize
- Over last 2 weeks did U of Ariz syncing Grouper work
- Looking ahead:
- Get things stable and work on Grouper 2.6
- Database needs too much space
- App servers need too much memory
- A few performance issues
- Look at database, pare down for Grouper 2.6
- Do some proof of concepts
- Unicon is contributing code where CAS and Shib can run from server filter
- Get that running and then remove Apache and just have tomcat
- Working w SCIM for provisioning
- Mock SCIM provisioning
- Implement in web services layer
- Replace the Penn State SCIM server
- Then go to Tomcat instead of TOMEE
- Move to Grouper 3.0?
-
- For Grouper 3.0 look at database
- The way audits are stored in database is not efficient
- More towards performance,
- Must have a migration path and support existing queries
-
- Suggestion: redo the UI and make it better
- Half screen is blank for provisioning
- Must be centered and have certain number of pixels
- Move menu to left
- Maybe just move outer frame
- One template page to change?
-
- High Level view for Grouper work for next 6 months
-
- Reports and workflow and custom UIs, use more central wizard
- Then work on JIRAs
- Next 2.6 or 3.0 , focus on performance, pare down container
- Some improvements to Grouper UI
- Carey: database performance is high priority
- See what ehCache is doing , there is chaining
-
- Working on UI is good idea
- Expensive operation should show progress it’s making
- Rather than just showing spin
- For imports this works?
- For composite, or adding a member, can take a long time
- Hard to do automatic, must kick off in a thread,
- There will be some code to implement that,
- Composites and folder delete
-
- Carey: Even import function can timeout , with large sets of data
- Browser session gets interrupted
- Duke running into database images
- Long UUIDs might be part of the problem
- Hope to make migration not too difficult
- Primary and foreign keys, can add while current system is working
- Then Cut over
- Imagine split out priv from membership table
- UUIDs hard codes for links could be impacted
- Chris thinking UUID would still exist, but it would be a 16 byte instead of a string
- Problem in tying into tables
- Using views should work
- Container life cycle
- Carey: Upgrade to next container, then if I need to backtrack
- Would be great to be both forward and backward compatible
- Chris: probably not with 2.0 to 3.0
- Probably not with 2.5 to 3.0
- Database performance issues, changing from varcar? to blob
- Might help
- Auditing is too large a table now, needs more indexing
- Creating a group loops thru all the object types and parent folders
- Lots of java function calls that are not database calls
- Hard to pinpoint one thing for performance
- Changing IDs to Bytes and not using them as foreign keys
- Vivek: ideas presented make sense: using screen better, addressing database issues
- Library upgrades, use new version of Hibernate
- Security updates for library
- Get things stable and work on Grouper 2.6
JIRAs Process
- Participate in JIRA process, but the community is not very involved
- Perhaps the team should promote the JIRA usage more
- Clean up old JIRAs
- Good idea
- Could integrate JIRA with Grouper Slack
CURRENT WORK
Vivek
- GSH templates Confluence Mobile
- https://spaces.at.internet2.edu/display/Grouper/Grouper+custom+template+via+GSH+Internet2+example
- https://spaces.at.internet2.edu/display/Grouper/Grouper+GSH+template+wizard+security
-
- UI and cleaning up WS
- Web services has ACT AS
- Internet2 use case from COmange needs credential
- So only has credential for that template
- Run GSH from UI in controlled way
- Help text needs review
- There are drop down options
- There are Showing mode options
- Think about adding sub menus later
- Menu underneath “More Actions” ?
- Indexing feature
- Chad: why use UUIDs instead of group names? Chris: will go through this
- Carey: Looks good, helpful feature
- Good work Vivek!
- Chris and Vivek will discuss getting this into a release
- Please review the security https://spaces.at.internet2.edu/display/Grouper/Grouper+GSH+template+wizard+security
- Script will take whatever script you specify,
- Will dynamically write your inputs plus built ins
- Validation happens and if it fails, script won’t be run
- Need best practices to stop from executing dynamically in certain cases
- Prefixed lines from GSH script might need better explanation
- AI Chris better explain prefixed lines from GSH script
- Start w builder class and write UI around that
- JIRA to consolidate so UI will call correctly and logic in one place
- Another example: assigning attributes, code is not easy to use.
-
Chris:
- Working on the syncing of Groupers
- Syncing objects to Grouper from another Grouper instance
- Syncing groups between group management systems
- Syncing groups between group management systems via WS
- U of Arizona is using this
- Nice if loader logs could hold more than 4K
Shilen:
- Working on Propagation
- thru full and incremental sync of provisioner
- When a group or folder gets created or updated, the incremental will get all the parent folders to see if an indirect assignment should be added.
- Looks at attribute assign value add and delete
- If have a folder with 1000 groups under it and it’s a direct assign and provisioning changes…. Children may need to be recalculated or attributes updated. Can result in 1000 additional,
- Hope to wrap up this work next week
Chad:
- Still need to work on Azure testing
- So it works the way current change log provisioner works
- Need to look at the metadata
- Different types of groups
- Grouper is working on OpenShift in non prod environment at UNC
- If running Apache things are easier
- Need to document best practice for building and deploying
- Add this to the wiki
- AI Chad add info to the Grouper wiki on OpenShift
- Lightweight profile for Groovy, Chad added to GSH text??,
- Will add to wiki
Issue Roundup
Grouper Emails in past two weeks
[grouper-users] Grouper demo site?, Takeshi Nishimura, 03/01/2021
- Re: [grouper-users] Grouper demo site?, Olivier Salaün, 03/01/2021
- Re: [grouper-users] Grouper demo site?, Olivier Salaün, 03/02/2021
- Re: [grouper-users] Grouper demo site?, Takeshi Nishimura, 03/02/2021
- MDQ, no discovery feed, switched to flat file, Chad working on this
- Edugain issue
- AI Chad will follow up on Grouper Demo Site Access issue and suggest he try social credentials for logging into Grouper Demo
- Re: [grouper-users] Grouper demo site?, Olivier Salaün, 03/02/2021
- Re: [grouper-users] Grouper demo site?, Takeshi Nishimura, 03/01/2021
Jiras in past two week
add stem marker attribute save method chained class
allow disabled date rules to take decimal number of days
stem attestation save GSH method chained class
attestation recertify date is wrong for groups which inherit custom daysToRecertify from stem
subject source wizard attribute format to lower case should default false instead of no default
change "Delete" in folder more actions to match other actions, e.g. "Delete folder"
change attestation in UI to use the attestation save method chained classes
Grouper Provisioning attribute propagation
allow new composite on group which only has members with delete date
folder copy (and maybe group copy) has error (maybe with inherited privs)
folder copy is not copying groups
input names in gsh templates must start with gsh_input_ and be only alphaNumeric and dash
config id must be checked on screen where it is entered
grouper config in DB newlines should be normalized
gsh template drop down input must match choices in drop down
gsh template drop down allow options configured
gsh template with validation error cannot be edited
gsh template html escape validation messages
gsh template sample capture of WS input and output
drop down options will have blank option as first selection
gsh template externalize drop down options logic to own class
gsh template externalize validation in own class
add gsh template built in "no colon" validation for display extensions
add attribute gsh method chained method
add attestation gsh method chained command
allow provisionable assignments even if provisioner is not valid. or give good error message
Help link page text out of date with UI
add inherited privileges to WS
queries in sql grouper sync should be textareas
write large daemon logs to grouper_loader_log and be able to download
Privilege group inherit save error
error finding metadata when space in query
stem privs in grouper sync add and remove
autodiscover columns in sync from grouper back to 1.6
set jdbc and hibernate fetch size to 1000
change container env vars to have GROUPER_ prefix: ENV and USERTOKEN
rules dont fire when enabled/disabled changes
Add container param to set static instrumentation uuid
handle colons in basic auth better
ldap external system should default to false for tls
add url examples in database external system, or a url builder
daemons with underscores in config ids cannot be edited
daemon edit screen not getting input from user
GRP-3158
all gsh scripts from run inside grouper jvm to support conditionals and better output
GRP-3157
add gsh and sql script jobs to configuration wizard for daemons
GRP-3156
pspng npe on change log consumer
GRP-3155
config view should show value of EL (not for password)
GRP-3154
add provisioner option to log errors
Grouper wiki updates in past two weeks
- Grouper container documentation for v2.5
- Grouper custom template via GSH
- Grouper custom template via GSH Internet2 example
- Grouper membership reasons
- Grouper Zoom provisioning
- Grouper GSH template wizard security
- Syncing objects to Grouper from another Grouper instance
- Syncing objects to Grouper from SQL
- Grouper daemon "other job"
- Grouper demo Technical Administration
- Grouper database fetch size
- v2.5 Upgrade Instructions from v2.4
- v2.5 Upgrade Instructions from v2.5
- Grouper data structure improvements (see note at bottom from Michael J Porter , Feb 22, 2021)
- v2.5 Release Notes
- Grouper v2.5 container unit tests
- Syncing objects to Grouper from another Grouper instance
- Syncing groups between group management systems
- Syncing groups between group management systems via WS
- Grouper daemon "other job" to control other daemons
- Grouper development environment
- Grouper provisioning: identifying groups for provisioning
Next Grouper Call: Wed March 17, 2021