29-May-2019

Attending 

• Chris Hyzer, Penn, Chair
• Shilen Patel, Duke
• Chad Redman, UNC
• Bert Bee-Lindgren, GA Tech
• Carey Black, the Ohio State University
• Vivek Sachdiva, independent 
• Emily Eisbruch, Internet2

Grouper Action Items are here

REMINDER: Grouper Training in June 18-19, 2019 : https://spaces.at.internet2.edu/x/jAD4C

Issue Roundup for May 29, 2019

  New Jiras since May 15, 2019:

• GRP-2153 Add audit log functions to the Web Service (Chris, reported by Jeffrey Crawford), perhaps we’ll do a 1st pass so they can get data into splunk
• GRP-2152 visualization: change arrow for simple loader from loader color to membership (Chad)
  
• GRP-2151 Add workflow approval forms to grouper (Vivek)
• GRP-2150 Visualization change arrow directions for group memberships (Chad)
• GRP-2149 add template for policy groups (Chris), could involve include/exclude
• GRP-2148 Group Trace Membership should show what it can for non-admins (Chris , reported by MichaelG)
  
• GRP-2147 in member screen show memberships attributes, be more explicit about which membership (Chris) , add more text to clarify what the screen is
• GRP-2146 template issue when creating in folder (assigned to Vivek), made a patch
• GRP-2145 UI user event integration point ("UI hooks") (assigned to Chris)
• GRP-2144 NPE in package edu.internet2.middleware.grouper.grouperUi.serviceLogic;.UiV2MembershipAttrib (assigned to Chris)
• GRP-2143 rules need effective memberships calculated and change log consumers and daemons (Chris)
• GRP-2142 create a process to keep tomcat up to date in installer (Chris) , update at least monthly, related to installer
  
• https://todos.internet2.edu/browse/GRP-2158 adjust the type inheritance, some types perhaps should not have same inheritance as others, such as an app group, this is to be analyzed
  
• https://todos.internet2.edu/browse/GRP-2159 add act as in UI
  
• https://todos.internet2.edu/browse/GRP-2160 call reporting from java
  
• https://todos.internet2.edu/browse/GRP-2161 call reporting from WS

Issues on Grouper-Users list

• Type / template patches

• Upgrading to 2.4 discussion  
• Electronic Forms in Grouper , Vivek working on this

Other lists

• Epics in jira, Chad looking at this, will reach out to others at UNC about Epics in JIRA, improvements for Grouper visualization hard to track, so Chad created  a stub JIRA and made existing visualization issues sub tasks. Works OK but no tracking whether its a bug or improvement, impacts change log for when there’s a new version, hard to track completion, using some workarounds. Epics likely work much better.   Issue type of Epic, creates the linking needed. Chad will try it out (next time new opportunity arises). REF: https://www.atlassian.com/agile/tutorials/epics )
• Grouper feature request from U  Penn: keep track of purpose of group, originator contact, organization, clear description of policy, who created the query/filter/group if in central admin, group metadata auditing, involves move to Workday, groups were created prior  to Grouper Deployment Guide, missing info on group owner and create date,
• Likely this could be inverted and satisfied by a Service Technical-Documentation page, as discussed in a Grouper ACamp session (see “Technical Service Documentation”),
• In other words, instead of documenting the group, document the service and what groups are related to it.

Issues on TIER Grouper Slack Channel

• Get UI externalized text config file into the API [AI Chris]
• designing a pattern for attestation for groups that control access to sensitive services in the Internet2 collab platform (NickR),
• need more work on LDAP authentication
• can grouper have multiple external subject sources
• LDAP auth for containerized WS
• is there a way for me to “become” another user in the grouper UI?
• Is there a way to configure WS so that LDAP handles authn and ws handles authz BUT NOT at the permissions level (i.e. tomcat passes in a user session and grouper checks to see if that user is a member of etc:webServiceUsers before evaluating whether the user has permission for the requested object)?
• a bug with the "New Template" functionality of Grouper 2.4. If I create an "Application" template, and uncheck the box for creating the "service" folder (leaving the box checked to create the "security" folder), I get error (fixed and patched)
• How to best use Slack versus grouper-users list
• AI Chris will send out summaries to users list about Slack
• Min memory and max memory (set to same in tier package?)

Recent Grouper Wiki Updates

• Grouper Forms Workflow and Approvals (Chris)
• Grouper Training Environment Developer Notes (Chris)
• Find Recent Grouper  Users (Chris)
• LDAP Subject API example (Chris)
• University of North Carolina - Shibboleth v3.4 impersonation supported by Grouper groups (Chad)
• Attestation Using Reports (Shilen)

Question on the wiki re exporting config

• Grouper Config in the Database and UI (see comment from Olivier at bottom of page on exporting config properties file)
• Chris replied to this on the wiki

Grouper  Training

Grouper Training in Madison June 18-19, 2019

Ongoing Work

PSPNG Update (Bert):

• Addressed common issues with Gettes and Jeffrey Williams.
• Going to create an Epic (?) and a Patch

Vivek

• Working on form for Grouper workflow
• https://spaces.at.internet2.edu/x/KgQSCQ
• Good start
• Perhaps email should default to on
• Add links to open a new target and go to doc
• Suggested for the required star - use nowrap
• Do as much as possible in API that can be unit tested

Templates

• OSU looking at templating engine (for emails likely), suggestion on direction for this?
• Vivek is using string concatenations and expression language, not using engines to build template
• Use Velocity  https://velocity.apache.org/ (has been reved recently) ? Or FreeMarker? Use HTML?
• Using a preview button is a good model

• Chris likes using JSP
• Chad has some experience w Velocity
• Spring and Velocity relationship
• Shib project is looking at this issue of templates also
• Templating systems all have their own syntax
• Externalizing the emails
• Decision: for now stick w expression language

Chad

• Grouper Visualization work almost complete
• Composite groups are a special case requiring a bit more work
• Working on the Legend, hope for dynamic legend
• Currently there is static legend with some color mismatch
• Legend in graph versus as  a popup
• Legend can take up a lot of space potentially
• Hope to have patch out within a few weeks
• Decision on  arrows, folder points to object inside, member of a group points,
• Making this more consistent, all arrows will go from left to right
• This will not be configurable
  
  

Shilen

• Attestation Using Reports
• Found some bugs in existing code, fixing that
• Should emails for report-based attestations be a separate email from the attestation for group-based?  
• Idea is a single email goes to a person in charge of 10 groups

Chris

• For Grouper Training June 18-19, 2019, the approach is to take 2018 Tech Exchange Grouper training materials and create 15 minutes modules
• Will focus on Grouper Deployment Guide Types
• There’s a new screen to  show Grouper config and what is in the database, Chris will make a patch for that

Next Grouper Call: Wed., June 12, 2019