Grouper Call of August 30, 2023
Attending
- Chris Hyzer, Penn, Chair
- Vivek Sachdiva, independent
- Shilen Patel, Duke
- Chad Redmond, Unicon
- Jim Beard , Unicon
- Carey Black, Purdue
- Liam Hoekanga, University of Michigan
- Gail Lift, University of Michigan
- Kellen Murphy, UVA
- Gabor Eszes, UVA
- Chris Hubing, Internet2
- Emily Eisbruch, Independent
Administrivia
- Internet2 Intellectual Property Policy
- Review AIs Grouper Project Action Items (Google Doc)
- Agenda Bash
Mark your Calendar:
Internet2 TechEx is Sept. 18-22, 2023 in Minneapolis
Note these Grouper related sessions at TechEx:
- Grouper BOF
- Tuesday, Sept 19 at lunch
12:10pm to 1:40pm - https://internet2.edu/2023-internet2-technology-exchange/program/abstracts/#grouperbof
- Wolverine Vs Grouper 2: I’ll be ABAC
- Tuesday, September 19
- 9am to 9:50am
- https://internet2.edu/2023-internet2-technology-exchange/program/abstracts/#grouperbof
Grouper Training Oct. 17-20, 2023
Grouper Release Aug 28, 2023
- We are proud to announce the release of Grouper 4.5.5. There are no upgrade steps from 4.5.4.
- 7 Jiras
- In some cases users cannot see folders on UI they have access to (inherited privileges on folders causes this)
- AWS SCIM provisioning is broken
- Cannot create group if inherited privileges are not configured correctly
- Can't provision root stem due to infinite loop
- Allow change log consumers to specify number of records to process (default 1000) in daemon edit screen
- See the release notes: https://spaces.at.internet2.edu/display/Grouper/v4+Release+Notes
Current Work
Attributes with provisioning is working well
- See link: Grouper provisioning groups using attribute framework
- Per provisioner
- You can put attributes in any format
- Chris Hyzer will edit the wiki doc a bit more
- Thanks to Vivek for working on this
Vivek and Chris
- Fixed Google provisioner, increased amount of seconds
- When you make a call right after inserting data, and query the data, it comes back with empty,
- Must give system 10-15 seconds before the query
- Also Vivek fixed a membership retrieval issue
Deprovisioning request from Harvard
- Current deprovisioning system Grouper deprovisioning
- In addition they want a hook, where if used in group or folder where not allowed to be they would veto that
- Daemon should remove if someone is in group they are not supposed to be
Worked on SCIM paging
Changelog temp issues
- GRP-4924
- make change log temp batch size configurable
Shilen
- Refactoring data provide
- Grouper data field incremental daemon development notes
- Make it more pluggable, more like provisioning
- Breaking into classes
- Committed in v5 branch
- Work in progress
Chris
- Chris working on integration of Splunk to Grouper loader job
- Will put that on the wiki
Chad
- Working on Azure provisioner issues
- Grouper Training Environment is now working in Rocky Linux
Grouper Doc
- Grouper Doc discussion happened Aug 29, 2023 (Chris Hy, Chris Hu, Emily, Steve Zoppi)
- Need to improve Grouper documentation as part of effort to improve all InCommon doc
- Chris Hyzer hopes we can leverage community volunteers
- Get doc to situation where it’s acceptable to all stakeholders
- Not sure that Confluence will be doc tool in long term
- Chris reached out to Slack yesterday to get volunteers for a work effort
We would like to work on an initial and ongoing effort to improve the Grouper docs. We are looking for some community involvement to set the direction, validate ideas, and do some of the work. Interested in participating? Vote with emoji. Btw we will make a grouper-docs slack channel for this.
- Set up a Grouper Doc meeting
- Decide on structure for this effort
- At 2022 TechEx there was a productive gathering, maybe try an effort at Tech Ex.
- Chris Hubing may be able to reserve a meeting space at TechEx to discuss Grouper doc
- Chris Hubing: more and more expensive to self-host Atlassian products.
- Atlassian is pushing to cloud, but cloud does not work well for multilateral federation
- Emily create list of things to look for as we review doc
- Partly info architecture
UVA dealing with some containerization work
Emily will set up a community contributions wiki space for UVA here and share w Kellen and Gabor: (DONE)
Working on Telemetry is still a high level goal
Issue Roundup
JIRAs
GRP-4921
google pause after creation time from 10s to 15s since lag in google
- GRP-4920
web service user who can see an attribute gets an error when reading membership assignments - GRP-4919
Google provisioner not retrieving memberships - GRP-4918
if the provisioner supports it, add "Provision now" buttons to groups, entities, and memberships - GRP-4917
process strings in abac row scripts - GRP-4916
default for abac subject type should not be boolean - GRP-4915
process numbers in abac row scripts - GRP-4914
assign password on configuration screen - GRP-4913
Refactor data provider syncing - GRP-4912
document external group attributes in provisioning - GRP-4911
put debugMap in daemon log for stemView incremental/full daemon - GRP-4910
update insert/delete count on stemView incremental and full daemons - GRP-4909
allow change log consumers to specify number of records to process (default 1000) in daemon edit screen - GRP-4908
Can't provision root stem due to infinite loop - GRP-4907
cannot create group if inherited privileges are not configured correctly
GRP-4906
aws scim provisioning startIndex greater than last page returns the last page again
GRP-4905
fix provider query defaults on ui
GRP-4904
non admin user uses template to create folders and there is a long delay before the folder is seen in the main grouper navigation panel (not on left)
GRP-4903
NullPointerException: ChangeLogTempToEntity.processGroupSetAdd
GRP-4902
(vt) shouldnt need an entity translation if doing WS provisioning
GRP-4901
(vt) if a provisioner can retrieve all memberships, but isnt retrieving all groups, then it doesnt work
GRP-4900
scim paging should increment startIndex by number of records received (not page size in case server doesnt support it)
GRP-4899
add externalId to groups in scim provisioning
GRP-4898
add page size config to scim external system (default 50)
GRP-4897
have a loop in retrieve paged SCIM groups
GRP-4896
totalResults could be improved in SCIM
GRP-4895
scim loops should have a time to live
GRP-4894
alphabetize provisioning actions drop down
GRP-4893
scim provisioner start with has validation error when not managing entities
GRP-4892
add jexl tester example for removing accented chars
GRP-4891
dont require stem when running templates for group templates will work
GRP-4890
Group attributes should be available for provisioning
GRP-4889
Metadata not available for jexl in LDAP provisioner diagnostics
GRP-4888
security issue upgrade shib to i2incommon/shibboleth_sp:3.4.1_06122023_rocky8_multiarch- GRP-4887
provisioning scim starts with doesnt let you continue if you arent editing entities - GRP-4886
add grouperUtil method to normalize input (remove special chars)
GRP-4885
copying folders should have a progress screen- GRP-4884
data query for row should only ask for fields in that row - GRP-4883
provisioning error screen in ui not showing mat errors
Wiki Updates
Emails to grouper-users (none)
Next Grouper Call: Wed., Sept. 13, 2023