Child pages
  • 6-Feb-2019
Skip to end of metadata
Go to start of metadata




  • Chris Hyzer, Penn, Chair
  • Shilen Patel, Duke
  • Chad Redman, UNC
  • Bert Bee Lindgren, Georgia Tech
  • Carey Black, the Ohio State University
  • Vivek Sachdiva, independent 
  • Emily Eisbruch, Internet2

Grouper Action Items are here


New Action Items from this call  

  • [AI] Chris will look at deprecated warnings issue related to Chad’s project
  • [AI] Bert will respond to Siju Jacob re CAS filter
  • [AI] Chris will review Provisioning in UI before it goes into master, Chris will determine next steps to get this in use
  • [AI] Chris  find instrumentation discussion on Slack  and share with Shilen



  Issue roundup

  • WS LDAP authn

  • Update database drivers?

    • Updated for 2.4, there was  an issue w MYSQL, perhaps incompatibilities

    • Hard to remove a file w Docker overlay but can replace

  • 2.3.0 as stable build, 2.4.0 as enhancement build

    • At Packaging BOF at 2018 TechEx, some community members wanted more enhancements, some did not want many changes, challenges w so many patches.

    • Suggestion for yearly stable release, let people fall behind on enhancements if they don’t want to deal with patches

    • Q: So every time there’s a  patch, there would be a new Docker image?

    • And not possible to cherrypick patches?

    • Linear growth of patches

    • If on Grouper 2.4.0 on certain patch level and want a security patch then you can’t get it, unless you accept new image with all patches.

    • Carey: TIER images will work that way, but you could use the installer to build the version you want

    • Chris: Security patches may have dependencies on previous patches

    • What about security only patch mode? .. Could be too complex

    • Suggestion is enhancement branch and non enhancement branch

    • Suggestion for a mode that has minimum number of patches needed to get the security  patches

  • Central T&I documentation for roadmap

    • Discuss on future call

  • Grouper / MariaDB rowformat, chad?

    • Email reply, change setting from docs

  • Chad / Nick build issue

    • Chad responded on 2 emails

  • Chad deprecated warnings merge?

    • Merge?  Yes

    • [AI] Chris will look at deprecated warnings issue related to Chad’s project

    • Chad created Jira to fix java doc builds

  • Large groups UI resources

  • Siju Jacob – CAS filter (someone)?

    • GA Tech uses Shib and CAS

    • [AI] Bert will respond to Siju Jacob re CAS filter

  • PSPNG change in description of name issues (Churchley) [Was reply from old message]

  • Tagging patched branch

Current work tasks, and next tasks



rabbitmq routing keys, provisioning in ui, usdu updates

Provisioning in UI is done

  • In its own branch

  • [AI] Chris will review Provisioning in UI before it goes into master, and will determine next steps to get this in use

  • Kick the tires a bit

  • This provisioning does not use the attributes

  • Could use a class to customize the provisioning behavior

  • Later we will transition PSPNG into the Provisioning UI

  • rabbitmq routing keys- Done


usdu updates

  • USDU is only command line now

  • Can  make daemon to run it weekly in read write mode

  • For unresolvable, then add a marker and date last resolvable

  • Days unresolved

  • Resolvable or not

  • Don’t put on all subjects, just unresolved subjects

  • 500 max unresolvable

  • Vivek will work on Daemon, then on UI

  • Could release patch for daemon

  • Carey:   Grouper install at OSU is against identity management system.

  • User IDs don’t go away

  • So OSU won’t need this

  • Concern about need to clean up some data before deletion of subject

  • Need to sanitize Grouper provisioning data

  •   might want to follow up with MichaelG on this.

  • Q: Would there be a requirement to have this only work for specific source ID’s and not globally?  A: this is not in the current plan


Chris Database configs, subject caching, obliterate stem, bulk change log messages, 

  • midpoint integration - Chris did a patch for this

Bert – PSPNG patches

  • Action Items - making progress

  • Announced recent 2.3 & 2.4 patches

  • Committed to 2.4: GRP-1959 (persistent full-sync queues ),

  • running in GT-Test ,

  • Next: Performance: GRP-1931,  Subject Caching

  • Flush caches older than full sync request, so do not need to read subjects over again

  • Next: Group-selection & attributes… Surgical refresh of newly selected/unselected groups

    • Optimize how PSPNG handles changing of selection

  • Q: What about full sync for provisioning target?

  • A: Each provisioner had full sync schedule.

  • Persistent queues go to Grouper messaging

  • On scheduled items loa der log entry keeps track of per group operations

  • Documents activity into the loader log

  • So queues them into memory

  • Some tagging concerns  

  • Would rather tag with PSP version number

  • Might have code that worked on API

  • Process: Don’t commit unless you will make a patch immediately


Shilen  - Membership UI improvements

  • Enable / Disable

  • PIT

  • Custom composites

  • Could release as a patch

  • Agreed, document with screenshots

  • Work on privileges?

  • Not sure what to do on that given the UI

  • Interested in folder info

  • Shilen will look at this and make recommendations

  • May look at instrumentation JIRA

  • AI Chris will find instrumentation discussion on Slack  and share with Shilen


Chad - visualization

  • Option to display path or display name

  • Generate button to draw graph, if you click it a second time, behavior is not ideal

  • How to manage the real estate on the page?

  • New buttons…

  • Suggestion to hide/show options

  • how to handle if not a root user, what should  you be able to see?

  • Agreed: user should  only see what that user has access to

  • Not sure if handling sessions correctly?

  • Static, root session… do they accumulate?

  • Chris does call backs for sessions

  • Static does not need to be cleaned  up

  • If not a call back session, then close that later as “cleanup”

  • Hope to have Visualization patch by middle of next week

  • Q: if tracing from service group with ref group in origins, does it display all downstream from ref group? Or just from service group?

  • A: it shows in both directions, does not go all the way up and all the way down again

  • Concern about showing too much

  • Group  you look at is spider; all else is spiderweb

  • What about a group where there are sub groups you can’t see?

  • Will we show that? Maybe in next phase


Next Grouper Call: Wed. Feb. 20, 2019

  • No labels