Grouper
Child pages
  • 18-Sept-2019
Skip to end of metadata
Go to start of metadata

  

Attending 

  • Chris Hyzer, Penn, Chair
  • Chad Redman, UNC
  • Shilen Patel, Duke
  • Carey Black, the Ohio State University
  • Bill Thompson, Lafayette
  • Emily Eisbruch, Internet2



New Action Items

  • [AI] Emily  Set up call with Jessica, Emily, Bill, Chris to discuss the Doc Repository relationship to the Grouper Deployment Guide 
  • [AI] Entire Grouper Team please review the Grouper Deployment Guide and leave comments at least on one section if not whole thing
  • [AI] Shilen create a JIRA for issue on bulk query

Discussion

Welcome BillT to the Grouper Dev Team, working 25%  time

  • Working on Grouper Deployment Guide currently


Grouper at TechEx 2019


Grouper Training 



Grouper Deployment Guide v 2.0 is in progress here:

  • https://spaces.at.internet2.edu/display/Grouper/Grouper+Deployment+Guide+2.0
  • Seeking community input on the new format and ways to improve
  • the content. If you log in to the wiki you can leave inline comments.
  • To enter an inline comment, look at the page in view mode, and
  • highlight the text which you would like to comment on.
    • You'll see the button “Add inline comment,” click on it to display the comment window to the right where you can enter your comment.
  • You can also send feedback via email on grouper-users  
  • Carey:  Best way to contribute to Grouper Deployment Guide was discussed on the TIER API call.
  • Bill:
    • Now that we are editing the GDG, it’s a work in progress, so it’s OK to add online comments.
    • Can fix typos directly, 
    • If it’s something substantial, leave a comment, call it out in the wiki
    • Then the comments will be reviewed and curated.
    • Previously the Grouper Deployment Guide was in  a PDF and was static
    • Hope it will become more of a living document
    • May make smaller improvements, iterative
  • Matt: Tension between making the Grouper Deployment Guide high quality and making it iterative.
  • AI Emily  Set up call with Jessica, Emily, Bill, Chris to discuss the Doc Repository relationship to the Grouper Deployment Guide  (working on it)
  • Goal  for official rev of Grouper Deployment Guide by 2019 TechEx in New Orleans in December
  • AI Entire Grouper Team please review the Grouper Deployment Guide and leave comments at least on one section if not whole thing
  • Chris has made comments, see the yellow highlighted text 


Bill T

  • Grouper Deployment Guide
  • Auckland trip  went well 
    • They have a robust IAM team
    • They have Grouper  in Deployment, specific to their previous way of doing things, 
    • hope they may adopt a more community centric approach, using Docker
    • They’re working on  a proof of concept for a new approach
    • Did an analysis of changes that will be needed
    • On Grouper Details page, there was a checkbox around AD, provision or not, that was a customization
    • Bill T may work on  a checkbox if this is an important need for Auckland
    • Kafka publisher 


Bug Roundup

The team has been focusing on addressing bugs/jiras

https://spaces.at.internet2.edu/display/Grouper/v2.4+Bug+roundup


Vivek – working on Bugs, attribute assignments from attributes screen

Chris 

  • Bugs, attribute assign queries
  • Did a patch for Matt’s tOSU DUO

  Shilen –  

    • Finished bug fix for incremental loader and case insensitivity
    • Worked on heading and max results for LDAP subject source 
    • Worked on   Max Results issue  https://todos.internet2.edu/browse/GRP-2318
    • Wildcard searching , should the current behavior be changed?  Yes, remove the asterisk 
    • Bulk subject lookups and loader , waiting for Bert to send what he had done
      • Loader job by identifier , gets from external source and members table and compares  
      • If not subject caching, it tries to resolve all , but it should only resolve a subset  
    • Proposal, when SQL starts, it can split into multiple threads, each can figure out changes, then back to one thread and resolve , then split back into threads? 
    • Could use single call to get members from every group, but is that more expensive?
    • Chris thinks one big query may have advantages
    • Could  take out initial bulk thing… then each group does its own bulk query, just a few adds and removes
    • Undo the bulk query will solve the issue for Bert
    • Chris and Shilen will discuss
    • AI Shilen will create a JIRA for this issue on bulk query
  • Issue of removing new name…. Shilen will work on this issue

Chad – Working on Bugs

  •  GRP 2009 https://todos.internet2.edu/browse/GRP-2009
  • More versions, snapshots
  • We link to java docs from wiki , need to update those
  • If have admin privileges might be able to do bulk change….
  • Chris is an admin and may be able to help


  • Working on switching license check
  • Could be run in MAVEN
  • Or eclipse or intellige
  • Check Style can check for multiple things
  • Some old code out there that generates many positives
  • So 2 check style configs?
  • One for older and one for  newer?
  • Nice to have good looking code
  • JeffW asked about generating ? thru API,
  • Just updated it so it  looks closer to the UI
  • Separate script in Grouper-misc
  • No patch


  • Add and delete member issue on one of the issues Chad was working on…
  • Triple assignment, not intended for privileges
  • Model Privileges as a field
  • Chad will create new method and name it better


Filter issue


next steps for Bug roundup in 2.4

  • Need to branch soon to 2.5
  • Chris will email the list about next steps.

Issue Roundup  


  Grouper-users list Emails 

  • Grouper Deployment Guide call for input  , Bill T 
  • Re: pspng ldapSearchResultPagingSize doesn't seem to do anything (Jeffrey Crawford) Sept  3, 2019
  • Grouper Loader SQL Order by , Zach, Nebraska , Sept 4, 2019
  • Shibboleth, Grouper, COmanage, and midPoint Training Workshops - Registration is Open!
  • Slow PSPNG Full Sync, Ryan R , Nebraska
  • subject cache warning: "the attribute for that identifier is not configured" + question mark added to LDAP search filter, Dominique Petitpierre, Geneva
  • GrouperJdbcConnectionProvider: "shouldnt set ..." warning messages,  Dominique Petitpierre, Geneva
  • In folders in Grouper, how can the creator be changed?, Angel , U Minnesota
  • DUO admin roles managed from grouper
  • CAS  Logout and Grouper 2.4,  Olivier Salaün, France
  • installer 2.4.0: file grouper.psp-2.4.0.tar.gz missing from repository,   Dominique Petitpierre, Geneva
  • (on Grouper-dev list) maybe a CSS "fix" for the UI table breaking out of the div?, Carey Black
  •  (on Grouper-dev list)  Quick question about the demo server(s) for Web Services…, Carey Black


SLACK Since Wed Sept. 4, 2019

  •   to be added to the #gdg-feedback slack channel (so you can provide feedback on the Grouper Deployment Guide v2  ) please email help@incommon.org with the Subject: Trusted Access add to #gdg-feedback
  • Ryan  R: cache setting warning
  • Sudheer : trying to configure loader job (SIMPLE_SQL) for a group and getting error 
  •   reason you chose ECS instead of EKS?
  • J Crawford: resolution to the error when managing attributes in the UI if the grouper UI is behind a load balancer 
  • Michael B: sample kubernetes
  • Michael G: Performance numbers…. Don’t be stingy on memory for Grouper
  • Chris Hyzer: A bunch of changes were made to a handful of groups today, groups which are not provisioned, but the pspng change log consumer takes a long time to get through them
  • Michael G: InCommon CAs (intermediates and root) are NOT automatically built into the Grouper images
  • Crawford: any plan to take a look at https://todos.internet2.edu/browse/GRP-2153 ? We have a front end application that want's to know who the last updater was.
  • Ryan R : performance issues with full sync's after  patching
  • MichaelG:  for AD experts :  memberOf question
  • JeffreyW:  is there a way to crom gsh scripts from within Grouper?
  • Michael B: Grouper in the cloud and various other issues
  • Sudheer: trying to populate grouper group description in LDAP using PSPNG 
  • Michael G: assistance with configuring an ldap subject source
  • Sudheer: PSPNG to publish grouper groups to LDAP.
  • ERIN early bird rates end this Friday (9/20) for Grouper School Temple University
  • in Philadelphia on November 12 – 13, 2019, Information and registration links can be found   at: https://www.incommon.org/academy/grouper/


JIRAs (most recent)

  • 2328: Calling group.replaceMembers() to replace a direct group with its members deletes instead of replaces

  • 2327: cache or reuse decision on if group is provisioned to target

  • 2326 grouper ui does not expand when there is a wide table inside
  • 2325 grouper hangs in some cases on startup due to thread lock
  • 2324  order by in loader queries causes an issue
  • 2323 SQL table sync job not working with postgres
  • 2322 pspng is an throwing exception when using ${subject.getAttributeValue(“loginid”)} in the userSearchFilter and subject is not in the cache
  • 2321 Missing Audit Log Entries for Begin and End Date memberships
  • 2320 ability to allow/deny daemon (loader jobs) by loader host/process
  • 2319 Grouper UI: CSS Regression in Chrome 76.0.3809.132
  • 2318 LDAP subject source doesn't support maxResults; add option to return partial results
  • 2317 Performance issue with load subject
  • 2316 GrouperDeproviioningEmailService bug
  • 2315 Grouper Installer failed to apply grouper_v2_4_0_ui_patch_22


Grouper Call Length

  • Should this Grouper dev call be expanded to 90 minutes from the current 60 minutes?  
  • We often run out of time to discuss the full agenda.
  • update: Grouper Calls will be 90 minutes long starting Oct 2
  • Biweekly Wednesdays starting at 11:30am ET



Next Grouper Call: Wed. Oct. 2, 2019

  • No labels