Grouper Call of July 19, 2023

Attending 

• Shilen Patel, Duke (led today's call)
  
• Vivek Sachdiva, independent
• Chad Redman, Unicon
• Liam Hoekanga, University of Michigan
• Gail Lift, University of Michigan
• Carey Black, Purdue
• Chris Hubing, Internet2
• Emily Eisbruch, Independent

Mark your Calendar:

 Internet2 TechEx is Sept. 18-22, 2023 in Minneapolis 

DISCUSSION

Administrivia

•  Internet2 Intellectual Property Policy
  
• Review AIs  Grouper Project Action Items (Google Doc)
  
•  Agenda Bash
  

Discussion

Administrivia

•  Internet2 Intellectual Property Policy
• Review AIs  Grouper Project Action Items (Google Doc)
•  Agenda Bash

Base CAMP Online was July 10-14, 2023

How did Base Camp go ?

Chris and Chad presented

• • First Base CAMP Grouper session: showed GTE (Grouper Training Environment) 
  • Chad did the second Base CAMP session, covered versioning and new Grouper versions upcoming, that session was just 20 minutes. 
    Chad has some slides related to ABAC that can be shown in future

Mark your Calendar

 Internet2 TechEx is Sept. 18-22, 2023 in Minneapolis 

Current Work

Shilen

• Added LDAP data provider
  
• Previously only for SQL
  
• Can do single and multi valued attributes
  
• Not doing rows now
  
• Could be added later
  
• Data provider was not handling updates
  
• Could add and delete previously, now it handles changes
  
• Next: Shilen will be sure data provider update can run on daemon using the UI Config
  

Chad comments: 

• Use case for data rows and LDAP can be sub objects
  
• Some Institutions (on v2.5) have loader jobs based on sub objects
  

Chad handled    https://todos.internet2.edu/browse/GRP-4800 WS GshTemplateExec returns success even though GshTemplateExecOutput.isSuccess=false

Issue Roundup 

Jiras in past two weeks (see notes after several of these)

• GRP-4849
  
• Data provider updates
  
  
• GRP-4848
  
• Jexl script test shows in My Activity as blank
  

Chad worked on this

New audit type on JEXL tester

Shows black but there’s a date on it

Still open , for 5.2

• GRP-4847
  
• ldap filter unbalanced parens
  

Turned out to not be a bug

• GRP-4846
  
• Loader job action to clear a job stuck in the Started state
  

Pain point for a few customers

Changelog temp to changelog daemon

Miscommunications, it’s not running

Quatz not aware

Must restart daemon

Pain to restart

Should be a way

Workaround: go into table and delete jobs in starting state

That’s a blunt tool

Nice if there  was a way to clear it out

Clear the starting state

Also, No way to kill jobs

How to kill thread? Not sure how easy

• GRP-4845
  
• missing target entity matching ID causes error
  

Recent code is getting hashmap

You just get 1st value

Internal of code not elegant nor failsafe

Need a check for are there more than zero elements

We should go thru and fix

• GRP-4844
  
• add run button on GSH template screen
  
  
• GRP-4843
  
• add edit button on provisionable screen for groups or folders to change settings
  
  
• GRP-4842
  
• allow scripts in property files to not be evaluated (escaped), e.g. ${whatever}
  
  
• GRP-4841
  
• if you call groupSave over WS, it should only update attributes that are sent
  
  
• GRP-4840
  
• if you save a group over WS (and maybe API) and include the same idIndex, it will fail
  
  
• GRP-4839
  
• Add config options to restrict membership export
  

Customer wants to be able to restrict export of all employees

Goal: prevent spam

Disallow export for nested group?

Per user limit on size of export

Access or content restrictions

Carey has thought about this issue; there are various ways to tune it.

    Access restrictions or content restrictions

Chad will update GRP-4839 based on this discussion

• GRP-4838
  
• add daemon to ensure same extension is not used in folder(s)
  
  
• GRP-4837
  
• add hook to make sure the same extension is not used in folder(s)
  
  
• GRP-4836
  
• ldap data provider
  
  
• GRP-4835
  
• consider jsoup cleaner for html in descriptions
  
  
• GRP-4834
  
• allow gsh template to have an abac "start with"
  
• 
  
• GRP-4833
  
• moving a group has the folder symbol
  
• 
  
• GRP-4832
  
• add progress to edit stem screen
  
  
• GRP-4831
  
• add local entity prompts for group name not entity name
  
  
• GRP-4830
  
• "Show metadata for 'Assignable to role'" does not work in azure provisioner
  
  
• GRP-4829
  
• add progress to edit composite ui
  
  
• GRP-4828
  
• RemoteCIDRValve needs usePeerAddress=true in server.xml
  
  
• GRP-4827
  
• add aliases to duo provisioning
  
  
  
• GRP-4800
  
• WS GshTemplateExec returns success even though GshTemplateExecOutput.isSuccess=false
  
  
  

Grouper wiki updates in past two weeks

• Grouper attribute based access control with scripted groups
  
• GrouperShell (gsh)
  
• Grouper Product Roadmap
  
• Grouper hook to make sure same group extension is not used in folder(s)
  
• v4 Release Notes
  
• Grouper Duo provisioning (v2.5 provisioning framework)
  

Next Grouper Call: Wed. Aug. 2, 2023