9-Jan-2019

Attending: 

• Chris Hyzer, Penn, Chair
• Shilen Patel, Duke
• Chad Redman, UNC
• Bert Bee Lindgren, Georgia Tech
• Vivek Sachdiva, independent 
• Emily Eisbruch, Internet2

Grouper Action Items are here

New Action Items

• [AI] Chris investigate decorating and filtering issues around API caching
• [AI] Chris share API caching code with Bert for possible use in PSPNG
• [AI]  Shilen  look at GRP 1978 https://bugs.internet2.edu/jira/browse/GRP-1978
• [AI]  Chad update  coding standards  wiki re branches https://spaces.at.internet2.edu/x/jY1HBQ

 DISCUSSION 

Issue roundup

• Subject API Caching: https://spaces.at.internet2.edu/display/Grouper/Grouper+Subject+API+caching+improvements+in+2.4

• Big performance improvement thru caching

• After security is run and other procedures

• Will start caching down where network traffic goes

• Will span all grouper users

• Grouper subject source will be excluded by default

• More sophisticated than H Cache

• Used to only return one identifier max

• So new method , subject identifiers  all

• Gives warning method if looking up something not configured

• Can read from disk when you start Grouper

• Question about decorating and filtering, Chris will double check

• Use case to wipe out name if private.

• Immutable subject  object?

• People don’t often edit subjects

• Cloning would be least risky, Chris may take that approach

• Can look up in background so run time process does not need to

• Will write out stats to log daily or more often

• Minor tweak so don’t need to go to subject source as often

• Bert: PSPNG needs subjects to target system info it caches  

• Static info on subjects in target systems , now stored  in Grouper cache objects

• Could be too numerous to make attributes, with each target system potentially having info that needs to be stored

• Can that be stored with this cache? Or duplicate with PSP NG?

• Chris: this just caches subject and attributes

• So PSP NG should keep doing its own caching

• Anything Bert can re-use?

• Chris will think about it.. And share code with Bert

• Instrumentation (can we get it working?).  Version in TIER env var

• JIRA on this

• There is a TIER production instrumentation server

• They have a different protocol

• Fewer attributes

• https://bugs.internet2.edu/jira/browse/GRP-1978

• Label as -test

• Tested internally and not sure how stable

• 3 criteria to say it’s not in test status

• If a few people have used

• If a certain amount of time has passed

• If see  thru instrumentation that people are running and haven’t complained

• Want version of the TIER container

• Environment variable in the container that Grouper could read

• Makes sense to create another Daemon thread to do this?

• Shilen will look at GRP 1978

• test/candidate/canary releases

• Versioning strategy doc

• Please review this

https://spaces.at.internet2.edu/display/Grouper/Strategies+for+selecting+which+TIER+docker+container+to+use

• • To clarify what was discussed at the Tech Ex 2018 BOF

• Git branches

• Issue of  publishing branches to remote repository

• This can clutter up list of branches and it’s already long and git does not show whole list.

• So will need to prune when things get merged back into master.

• Use naming convention so they show up at end of list?

• AI Chad will update this page re branches

• https://spaces.at.internet2.edu/display/Grouper/Grouper+developers+coding+standards

• Last patch(es)

• A lot of patches change config files

• Try to make config file changes low impact

• Chad jar issue

• Chad will take a look

• Upgrade issues

• Chris will take a look, could change the order, or delete what is redundant

• Upgrading API in UI build

• Copying 2.4 UI as is

• reverting

• TIER package helps with some of these issues

Current work tasks, and next tasks

Vivek – TIER types, rabbitmq routing keys, role inheritance, provisioning in ui

• Provisioning in UI  https://spaces.at.internet2.edu/display/Grouper/Grouper+provisioning+in+UI 

• Will this load down the Grouper loader?

• First is getting PSPNG to implement the interface that will show this on the screen.

• Use the UI to decide about provisioning.

• Need to migrate and transition. If you specify in config file to use the original,that’s the default.

• If you switch, it converts everything over.  

• Or wait until release of Grouper 2.5?

• Now there is selection filter in PSP NG, to determine if selected for provisioning

• Use an “or” in filter until Grouper 2.5?

• Chris: need people to flip a switch

• Could be GSH

• Can do normal patches and do an enabling process involving GSH or loader properties change

• What about people doing a scripted older method? They should not do this switch…

• This is just for PSPNG

• This will make Bert’s job easier

• Every object going to a provisioner will be tagged

• Inherit attribute from a folder

Chris – working on Database configs, subject caching

Bert – PSPNG patches

• GRP-1911: attribute provisioning prefix

• GRP-1494: backoff and queuing

• Question on message formats

• There is much boilerplate

• 3 types of messages that PSP NG handles

• Full sync group

• Full sync subject in group

• Sync a subject to be right in all the groups

• Lightweight JSON or bean definition?

• Do we want to do strict defining a bean to serialize and de serialize JSON

• Or use anonymous maps?

• Bert will document in an email…

• Chris uses JSON object,

• web service uses beans w automatic conversion

• There is not a coding standard for this currently

•  

• GRP-1533: DN escaping: needs to know which strings need to be escaped, from a config, not reading an LDAP schema, go live with config value that works for AD and openldap,

• comma part of DN or not?

• 90% solution using the config value saying this attribute needs to be escaped

• Rather than reading from LDAP schemas

• And allow changes when needed

• Bert: Two of the patches should be out this weekend, other one by next Wed.

Shilen 

• Loader improvements

• membership UI improvements

• Added Grouper sysadmin w start and end date

• Can trace that info

• Can see enabled and disabled dates

• Other options for filtering

• Point in time not started yet

• Will be able to put in a from and to date

• Row for every membership record?

• Could be cleaner to do users  versus memberships

• Bert: like focus on members

• Trace shows all relationships w group

• There is no point in time trace

• Custom composites

• will privileging live in UI?

• Could go to membership finder.

•  

Chad - visualization

• Wiki page is complete as far as APIs

https://spaces.at.internet2.edu/display/Grouper/Grouper+Visualization+API


• Builds a graph

• Visualization classes looks at Grouper.properties, has inheritance hierarchy

• It’s in a local branch , but Chad will put out to the remote

• 1st patch in about 3 weeks will  have graphing API, sample properties for stylings, will simulate what Michael G did.

• Hope to do UI , but starting w command line

• Will SVG have features the UI won’t have?

• Can write a script for whatever you want the output to be

• Can query it to find out what kind of object

• All logic can go into scripts

• Or can build in standards

• Will build the UI around well established API logic

• Chris  : more interested in cross platform, so focus time there

• Text based  will show in the UI

Next Grouper Call:  Wed. Jan 23, 2019