- Chris Hyzer, Penn, Chair
- Shilen Patel, Duke
- Chad Redman, UNC
- Bert Bee Lindgren, Georgia Tech
- Carey Black, the Ohio State University
- Vivek Sachdiva, independent
- Emily Eisbruch, Internet2
New Action Items from this call
- [AI] Chris will look at deprecated warnings issue related to Chad’s project
- [AI] Bert will respond to Siju Jacob re CAS filter
- [AI] Chris will review Provisioning in UI before it goes into master, Chris will determine next steps to get this in use
- [AI] Chris find instrumentation discussion on Slack and share with Shilen
WS LDAP authn
Update database drivers?
Updated for 2.4, there was an issue w MYSQL, perhaps incompatibilities
Hard to remove a file w Docker overlay but can replace
2.3.0 as stable build, 2.4.0 as enhancement build
At Packaging BOF at 2018 TechEx, some community members wanted more enhancements, some did not want many changes, challenges w so many patches.
Suggestion for yearly stable release, let people fall behind on enhancements if they don’t want to deal with patches
Q: So every time there’s a patch, there would be a new Docker image?
And not possible to cherrypick patches?
Linear growth of patches
If on Grouper 2.4.0 on certain patch level and want a security patch then you can’t get it, unless you accept new image with all patches.
Carey: TIER images will work that way, but you could use the installer to build the version you want
Chris: Security patches may have dependencies on previous patches
What about security only patch mode? .. Could be too complex
Suggestion is enhancement branch and non enhancement branch
Suggestion for a mode that has minimum number of patches needed to get the security patches
Central T&I documentation for roadmap
Discuss on future call
Grouper / MariaDB rowformat, chad?
Email reply, change setting from docs
Chad / Nick build issue
Chad responded on 2 emails
Chad deprecated warnings merge?
[AI] Chris will look at deprecated warnings issue related to Chad’s project
Chad created Jira to fix java doc builds
Large groups UI resources
Siju Jacob – CAS filter (someone)?
GA Tech uses Shib and CAS
[AI] Bert will respond to Siju Jacob re CAS filter
PSPNG change in description of name issues (Churchley) [Was reply from old message]
Tagging patched branch
See naming convention for TIER, See coding standards wiki https://spaces.at.internet2.edu/display/Grouper/Grouper+developers+coding+standards
Current work tasks, and next tasks
rabbitmq routing keys, provisioning in ui, usdu updates
Provisioning in UI is done
In its own branch
[AI] Chris will review Provisioning in UI before it goes into master, and will determine next steps to get this in use
Kick the tires a bit
This provisioning does not use the attributes
Could use a class to customize the provisioning behavior
Later we will transition PSPNG into the Provisioning UI
- rabbitmq routing keys- Done
USDU is only command line now
Can make daemon to run it weekly in read write mode
For unresolvable, then add a marker and date last resolvable
Resolvable or not
Don’t put on all subjects, just unresolved subjects
500 max unresolvable
Vivek will work on Daemon, then on UI
Could release patch for daemon
Carey: Grouper install at OSU is against identity management system.
User IDs don’t go away
So OSU won’t need this
Concern about need to clean up some data before deletion of subject
Need to sanitize Grouper provisioning data
might want to follow up with MichaelG on this.
Q: Would there be a requirement to have this only work for specific source ID’s and not globally? A: this is not in the current plan
Chris – Database configs, subject caching, obliterate stem, bulk change log messages,
midpoint integration - Chris did a patch for this
Bert – PSPNG patches
Action Items - making progress
Announced recent 2.3 & 2.4 patches
Committed to 2.4: GRP-1959 (persistent full-sync queues ),
running in GT-Test ,
Next: Performance: GRP-1931, Subject Caching
Flush caches older than full sync request, so do not need to read subjects over again
Next: Group-selection & attributes… Surgical refresh of newly selected/unselected groups
Optimize how PSPNG handles changing of selection
Q: What about full sync for provisioning target?
A: Each provisioner had full sync schedule.
Persistent queues go to Grouper messaging
On scheduled items loa der log entry keeps track of per group operations
Documents activity into the loader log
So queues them into memory
Some tagging concerns
Would rather tag with PSP version number
Might have code that worked on API
Process: Don’t commit unless you will make a patch immediately
Shilen - Membership UI improvements
Enable / Disable
Could release as a patch
Agreed, document with screenshots
Work on privileges?
Not sure what to do on that given the UI
Interested in folder info
Shilen will look at this and make recommendations
May look at instrumentation JIRA
- AI Chris will find instrumentation discussion on Slack and share with Shilen
Chad - visualization
Option to display path or display name
Generate button to draw graph, if you click it a second time, behavior is not ideal
How to manage the real estate on the page?
Suggestion to hide/show options
how to handle if not a root user, what should you be able to see?
Agreed: user should only see what that user has access to
Not sure if handling sessions correctly?
Static, root session… do they accumulate?
Chris does call backs for sessions
Static does not need to be cleaned up
If not a call back session, then close that later as “cleanup”
Hope to have Visualization patch by middle of next week
Q: if tracing from service group with ref group in origins, does it display all downstream from ref group? Or just from service group?
A: it shows in both directions, does not go all the way up and all the way down again
Concern about showing too much
Group you look at is spider; all else is spiderweb
What about a group where there are sub groups you can’t see?
Will we show that? Maybe in next phase
Next Grouper Call: Wed. Feb. 20, 2019