Versions Compared

Old Version 17

changes.mady.by.user Shilen Patel (duke.edu)

Saved on

compared with

New Version Current

changes.mady.by.user Hyzer

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Include Page
spaceKeyGrouper
pageTitleNavigation

Panel

Overview: For The Grouper 2.2 upgrade migrates the plan is to migrate from legacy attributes and group types to the new attribute framework in a transparent way.  The old API and WS and UI should still work correctly.  Plan to migrate lists and hooks as well.

Pre-2.2 functionality

Group types:

...

 - Prevent use of legacy attributes.
 - Create old style attributes in the new attribute framework within a configurable folder (e.g. etc:legacy:attribute).  By default, everybody can read and assign the attribute.
 - Preserve the API methods that allow setting and getting an attribute from a group.
 - Web services and UI should will continue to work when dealing with getting and setting attributes.
 - Hooks should will continue to fire when setting and deleting attributes.
 - Existing views on the legacy attributes will not be preserved.

Details on Migration

  • This is done during the update to Grouper 2.2 upgrade.
  • Take note about the section at the bottom regarding privileges.
  • During the upgrade, the following tables are backed up to the following tables.  The backed up tables are used by the migration script to do the migration.
    • grouper_attributes -> grouper_attributes_legacy (grouper_attributes will be dropped during the upgrade)
    • grouper_types -> grouper_types_legacy (grouper_types will be dropped during the upgrade)
    • grouper_groups_types -> grouper_groups_types_legacy (grouper_groups_types will be dropped during the upgrade)
    • grouper_fields -> grouper_fields_legacy (grouper_fields is still used in Grouper 2.2 but is just no longer used to identify attributes.  We're also dropping the columns: grouptype_uuid and is_nullable.)
  • For each groupType:
    • Create an attributeDef named etc:legacy:attribute:legacyGroupTypeDef_<groupTypeName>.  This is assignable to groups.
    • Create an attributeDefName named etc:legacy:attribute:legacyGroupType_<groupTypeName>.  This represents the groupType.
    • Give everyone (EveryEntity) ATTR_READ and ATTR_UPDATE privileges.  This allows everyone to be able to assign this group type to their groups, which is the functionality that existed with the old groupTypes.  Note that the hooks that limit this functionality still apply.
  • For each legacy attribute:
    • (Just once per groupType) Create an attributeDef named etc:legacy:attribute:legacyAttributeDef_<groupTypeName>.  This is assignable to groupType assignments on groups.
    • Create an attributeDefName named etc:legacy:attribute:legacyAttribute_<legacyAttributeName>.  This represents the legacy attribute.
    • Give everyone (EveryEntity) ATTR_READ and ATTR_UPDATE privileges.  This allows everyone to be able to read this attribute when assigned to groups (assuming they have GROUP_ATTR_READ or ADMIN on the group) and update this attribute on groups (assuming they have GROUP_ATTR_UPDATE or ADMIN on the group).
  • For each custom list:
    • (Just once per groupType) Create an attributeDef named etc:legacy:attribute:legacyCustomListDef_<groupTypeName>.  This is assignable to the groupType attribute definition.
    • (Just once per groupType) Create an attributeDefName named etc:legacy:attribute:legacyCustomList_<groupTypeName>
    • This attribute will be assigned to the group type definition to indicate which custom fields are associated with that group type.  So it is multi-valued, with the values being the field UUIDs.
  • For each groupType assignment:
    • Assign the groupType (etc:legacy:attribute:legacyGroupType_<groupTypeName>) to the group.
  • For each legacy attribute assignment:
    • Assign the attribute (etc:legacy:attribute:legacyAttribute_<legacyAttributeName>) to the groupType assignment.  And add the value.

...

 - Get rid of the grouper_group_types table.
 - Everything is essentially deprecated.
 - Should the The uuid of a GroupTypeTuple will be the uuid of the attribute assignment of legacyGroupType_<name>?.

Field

 - In general, I'm assuming that we'We're not going to try to treat legacy attributes as fields anymore or try to support current the 2.1 API that does.
 - Getting rid of the columns grouptype_uuid and is_nullable.

...

 - Group.initGroupAttributes(groups)
   - Seems like this was set up to address a performance issue with getting legacy attributes.
   - Maybe deprecate Deprecate and allow it to continue to work.  That is, efficiently query for legacy attributes in etc:legacy:attribute.
 - Group.deleteAttribute(attributeName)
   - deprecate
 - Group.deleteAttribute(attributeName, failOnRequiredAttribute)
   - deprecate
   - Ignore failOnRequiredAttribute?Throw exception if failOnRequiredAttribute is set.
   - rewrite to delete from new attribute framework.
 - Group.getAttributeValue(attributeName, checkSecurity, exceptionIfNotFound)
   - deprecate
   - exceptionIfNotFound is currently based on a field check.  Since legacy attributes won't be fields, this needs to change to instead check all the attributeDefNames starting with legacyAttribute_ under etc:legacy:attribute that are applicable for this group.
   - checkSecurity needs to check security based on new attribute framework.
 - Group.getAttribute(attributeName)
   - already deprecated.  why doesn't this just call getAttributeValue???
 - Group.getAttributes()
   - already deprecated.  why doesn't this just call getAttributesMap???
 - Group.setAttribute(attributeName, value)
   - deprecate
 - Group.setAttribute(attributeName, value, checkPrivileges)
   - deprecate
 - Group.setAttribute(attributeName, value, checkPrivileges, uuid)
   - deprecate
   - Change to use new framework.  Should the The uuid should be used as the uuid of the attribute assignment?.
 - Group.getAttributesMap(checkSecurity)
   - deprecate
   - Change to use new framework.
 - Group.getAttributesDb()
   - already deprecated.  why doesn't this just call getAttributesMap???
 - Group.internal_setAttributes(attributes)
   - deprecate
 - Group.setAttributes(attributes)
   - deprecate
 - Group.internal_copy()
   - Perhaps assume that this This continues to only work with legacy attributes for now.
   - Privilege checks on attributes need to use new framework.
 - Group.addType(type)
   - deprecate
 - Group.addType(type, exceptionIfAlreadyHasType)
   - deprecate
   - Assign legacyGroupType_<typeName> to group.
 - Group.canReadField(subj, field) and various other similar methods
   - Okay to make this This will no longer work for legacy attributes?.
 - Group.deleteType(type)
   - deprecate
   - Change to use new framework (including privilege checks).
 - Group.getRemovableTypes()
   - deprecate
   - assume all All types are removable.
 - Group.getTypes()
   - deprecate
   - Assume no No types are "internal"
 - Group.getTypesDb()
   - deprecate
   - Return all assignments within etc:legacy:attribute.
 - Group.hasType(type)
   - deprecate
 - Group.setTypes(types)
   - deprecate

...

- Basically deprecate everything.
- Get rid of grouper_attributes table.
- Perhaps the The attribute id should be the uuid of the attribute assignment.
- field id is no longer applicable therefore always null.

Privileges

One of the challenges with the migration is going to be to Grouper 2.2 is around dealing with privileges.  The legacy and new attribute frameworks have different ways of dealing with read and write privileges on attributes. 

...

Privileges for attributes have changed for 2.2.  More information.  The 2.2 upgrade steps do not try to migrate privileges for either the legacy attribute or new attribute frameworks.