Grouper Call of July 19, 2023
Attending
- Shilen Patel, Duke (led today's call)
- Vivek Sachdiva, independent
- Chad Redman, Unicon
- Liam Hoekanga, University of Michigan
- Gail Lift, University of Michigan
- Carey Black, Purdue
- Chris Hubing, Internet2
- Emily Eisbruch, Independent
Mark your Calendar:
Internet2 TechEx is Sept. 18-22, 2023 in Minneapolis
DISCUSSION
Administrivia
- Internet2 Intellectual Property Policy
- Review AIs Grouper Project Action Items (Google Doc)
- Agenda Bash
Discussion
Administrivia
- Internet2 Intellectual Property Policy
- Review AIs Grouper Project Action Items (Google Doc)
- Agenda Bash
Base CAMP Online was July 10-14, 2023
How did Base Camp go ?
Chris and Chad presented
- First Base CAMP Grouper session: showed GTE (Grouper Training Environment)
- Chad did the second Base CAMP session, covered versioning and new Grouper versions upcoming, that session was just 20 minutes.
Chad has some slides related to ABAC that can be shown in future
Mark your Calendar
Internet2 TechEx is Sept. 18-22, 2023 in Minneapolis
Current Work
Shilen
- Added LDAP data provider
- Previously only for SQL
- Can do single and multi valued attributes
- Not doing rows now
- Could be added later
- Data provider was not handling updates
- Could add and delete previously, now it handles changes
- Next: Shilen will be sure data provider update can run on daemon using the UI Config
Chad comments:
- Use case for data rows and LDAP can be sub objects
- Some Institutions (on v2.5) have loader jobs based on sub objects
Chad handled https://todos.internet2.edu/browse/GRP-4800 WS GshTemplateExec returns success even though GshTemplateExecOutput.isSuccess=false
Issue Roundup
Jiras in past two weeks (see notes after several of these)
Chad worked on this
New audit type on JEXL tester
Shows black but there’s a date on it
Still open , for 5.2
Turned out to not be a bug
Pain point for a few customers
Changelog temp to changelog daemon
Miscommunications, it’s not running
Quatz not aware
Must restart daemon
Pain to restart
Should be a way
Workaround: go into table and delete jobs in starting state
That’s a blunt tool
Nice if there was a way to clear it out
Clear the starting state
Also, No way to kill jobs
How to kill thread? Not sure how easy
Recent code is getting hashmap
You just get 1st value
Internal of code not elegant nor failsafe
Need a check for are there more than zero elements
We should go thru and fix
- GRP-4844
- add run button on GSH template screen
- GRP-4843
- add edit button on provisionable screen for groups or folders to change settings
- GRP-4842
- allow scripts in property files to not be evaluated (escaped), e.g. ${whatever}
- GRP-4841
- if you call groupSave over WS, it should only update attributes that are sent
- GRP-4840
- if you save a group over WS (and maybe API) and include the same idIndex, it will fail
- GRP-4839
- Add config options to restrict membership export
Customer wants to be able to restrict export of all employees
Goal: prevent spam
Disallow export for nested group?
Per user limit on size of export
Access or content restrictions
Carey has thought about this issue; there are various ways to tune it.
Access restrictions or content restrictions
Chad will update GRP-4839 based on this discussion
- GRP-4838
- add daemon to ensure same extension is not used in folder(s)
- GRP-4837
- add hook to make sure the same extension is not used in folder(s)
- GRP-4836
- ldap data provider
- GRP-4835
- consider jsoup cleaner for html in descriptions
- GRP-4834
- allow gsh template to have an abac "start with"
- GRP-4833
- moving a group has the folder symbol
- GRP-4832
- add progress to edit stem screen
- GRP-4831
- add local entity prompts for group name not entity name
- GRP-4830
- "Show metadata for 'Assignable to role'" does not work in azure provisioner
- GRP-4829
- add progress to edit composite ui
- GRP-4828
- RemoteCIDRValve needs usePeerAddress=true in server.xml
- GRP-4827
- add aliases to duo provisioning
- GRP-4800
- WS GshTemplateExec returns success even though GshTemplateExecOutput.isSuccess=false
Grouper wiki updates in past two weeks
- Grouper attribute based access control with scripted groups
- GrouperShell (gsh)
- Grouper Product Roadmap
- Grouper hook to make sure same group extension is not used in folder(s)
- v4 Release Notes
- Grouper Duo provisioning (v2.5 provisioning framework)
Next Grouper Call: Wed. Aug. 2, 2023