Grouper Call of Jan. 3, 2024

Attending 

  • Chris Hyzer, Penn, Chair
  • Chad Redmond, Unicon
  • Vivek Sachdiva, independent
  • Shilen Patel, Duke
  • Jim Beard, Unicon
  • Carey Black, Purdue
  • Kellen Murphy, UVA
  • Carey Matt Black, Purdue
  • Chris Hubing, Internet2


Administrivia



 Grouper Blog for early 2024, started here:  

    • Blog to focus on  listserve management at Penn and GSH templates

 



Grouper 5.7 Release 

Chris Hyzer   Jan 1 2024  — We are proud to announce the release of Grouper v5.7.0.  There are 2 upgrade instructions from v5.6.0.  Note, if you are running v5 and are customizing the server.xml, please try the new env vars so you dont have to do that and let me know if anything is missing (we added TLS (could be built in self signed), remote IP, and rewrite valves)

See release notes: https://spaces.at.internet2.edu/display/Grouper/v5+Release+Notes

53 Jiras


Current Work

Vivek

Working on Team Dynamics provisioner

  • Grouper TeamDynamix External System

  • Grouper TeamDynamix Provisioner

  • Will make labels more user friendly
  • This is perhaps not as  smooth as some of the provisioners
  • Significant throttling at server side
  • Hard coded to run in one thread
  • Response to a throttling call is sometimes not expected
  • Text in body
  • Can get error and response is still there
  • Throttling can be an issue
  • Due to throttling, Full syncs could take a while
  • Incremental should be OK
  • On server side, you can go to UI and delete, but can’t delete from web service, can only disable a group
  • Can have 2 groups with same name in TeamDynamix
  • But this creates an error in Grouper, 
  • We are doing the minimum for TeamDynamix
  • Want to facilitate authorization provisioning
  • For complex use cases, Use Midpoint or another approach 


Data Dictionary  Grouper data field dictionary

  • Use case from TechEx
  • When TeamDynamix work is done we will take another pass at this
  • Issue: description doesn’t wrap 
  • Can give examples at row and field level
  • This is a good first pass
  • Added data owner and how to get access
  • Description is a mandatory field
  • Question : where is main field for describing data field?
  • AI: Chris - update the data field documentation so it is more user friendly not geared to developers   Grouper data field dictionary
  • Scripted Groups or data fields
  • Better to use the terminology of scripted groups.


Shilen

  • Worked on composite changes, if you add or remove a member in UI and it involves a composite, it will give a different message saying may take time to propagate
  • Making sure loader logs work property
  • Making sure it does not cause issues with diagnostics
  • Will go through unit tests and look at performance

Chris

  • Released Grouper 4.10.0,   4.10.1 and 4.10.2 (has team dynamics and tomcat container enhancements)
  • Released Grouper 5.7
  • Tomcat
  • Can run Tomcat without apache now
  • SSL for tomcat works 
  • uses key file and chain file 
  • Access logs for tomcat need remote IP
  •  This builds on work done at UVA
  •   Access log valves, perhaps not needed
  • Don’t need load balancer logged, can just take client
  •  Better to use remote IP
  • Kellen may slack Chris about WebXML
  • New self signed cert, 20 year
  • Apache expires in 5 years

GRP-5240   subjob error in scheduler check daemon cant find log mapWhen you run a quickstart in Grouper,  it will use self signed cert for tomcat
 New scheduler Daemon, will look at jobs that started but are not running and set them to error and append a message to description

tomcat log4j2.xml was not working correctly after pipes removed

  • GRP-5229 
  • History: we wanted to get rid of supervisor D, but had multi processes going on and people wanted to use splunk 
  • Issue with pipes,
  •  tomcat should send to standard out rather than using pipes
  • Chad:   Grouper environment would be helpful. Format in Log4J, go to standard output
  • The closer to normal Docker container, the better
  • Kellen / UVA: has everything going to standard error
  • This is for debugging
  • Chris Hubing: match log format to current format to accommodate splunk users
  • Expect people to use log4j as we package it, with our defaults
  •  Chris Hyzer will look at having tomcat write the grouper logs, the access logs, the Catalina logs, the local host logs to standard out and try to match the format it used to be.  


Chris worked on   GRP-5195


Grouper custom template via GSH web service membership counts

  • Chris worked on GRP-5196
  • gsh template WS should be able to read and write arbitrary JSON
  • Now more sensible inputs and outputs for web services
  • Want a JSON response to go to the client
  • JSON inputs now allows a new WS input attribute in GSH template exec request
  • Input name value instead of name value pairs
  • Can make a more sensible request
  • WS output field under exec result, 
  • Can edit from GSH template
  • Should use maps and not jackson 
  • Put in ws output
  • Can have arbitrary JSON for the client
  • It gets presented to GSH template as a map
  • This creates a good custom web service
  • Can use bean structure
  • Arbitrary input and output
  • Use bean class for input and to mirror JSON
  • Also bean class for output
  • JSON needs to match bean structure
  • Chris created documentation for v1 and for v2
  • See documentation linked from here https://spaces.at.internet2.edu/x/nwHtE


New feature - dynamic dropdowns 


 More on GSH Templates

  • If you have a query loaded dropdown
  • Such as dropdown that is dynamic, tells you work you need to do
  • You submit template and it does that work
  • Used to be it did not redraw template screen
  • But dropdown might be impacted by work template did
  • NOW when you submit a template it will redraw the screen
  • (If it’s not longer than 15 seconds)
  • Chris and Chad will look at changes to provisionable screen
    Hope to make it easier to use

 

Issue Roundup

Jiras



Wiki updates


Grouper-Users emails - none

Next Grouper Call:  Wed. Jan 17, 2024

  • No labels