Grouper Working Group Notes of Jan. 19, 2022
Attending
- Chris Hyzer, Penn, Chair
- Shilen Patel, Duke
- Chad Redmon, UNC
- Carey Black, Purdue
- Justin Robinson, Indiana University
- Jonathan Johnson (JJ) , Unicon
- Emily Eisbruch, Internet2 (scribe)
Next Action Item from this call:
- AI Chris -- take a pass at Grouper menu design with section headers and share that with Justin and U. Indiana
DISCUSSION
Grouper Menus (Justin Robinson)
- GRP-3746
organize group actions menu - It can be hard to find things on Grouper menu
- Justin asked user experience design expert on team to suggested a new design
- Groups and members should be collected for common functions
- Lack of section titles on the drop down menus is an issue
- It's possible to put section headed in a drop down menu
- But there's a real estate issue
- Menu goes off the screen
- Chris suggests alphabetizing drop down menus
- Hard when you have a toggle button and the words change
Principals that Chris implemented and recorded in the Jira, ready for the next release:
- Common actions for average users are at top
- Templates below that (since that is dynamic, put in own section)
- Common actions for admins below that
- Other non destructive things
- Last - destructive things
- Alphabetize each section
- Have prefixes to organize actions (e.g. start with Audit log - )
- Chris: this may be a stop gap for now
- Justin: want to manage things inside Grouper, want to eliminate custom interface system
- AI Chris will take a pass at Grouper menu design with section headers and share that with Justin and U. Indiana
- Justin: it’s OK to use iterative direction
====
JJ, Unicon: some problems with the SQL being generated by hibernate.
- U Wisc wants tweaks to HQL to create better SQL.
- This is memberships part of Grouper
- Change the High 3? Membership bell??
- Remove field? References?
- 4 are extraneous
- Oracle 12
- Field creates cartesian?? product?
- Memory usage is an issue
- Shilen: need to know which queries
- JJ will create Custom jar for client for testing
- Chris : this is a bug we should fix in this release
- JJ will sent Chris the details
- U Wisc also having web service performance problems
- JJ working on that
- JJ looked at performance in context of midpoint and Grouper
- Created document looking at why web service calls were slow
- OSGI
- https://spaces.at.internet2.edu/display/Grouper/Grouper+plugins+classpath+OSGI+with+Felix
-
- Java Jar Hell has been a challenge
- The goal is to have plugins which can have jar dependencies that Grouper would not be dependent on so we do not end up in Java jar hell.
- The intent is not to do dynamic modules, or modules with dependencies on other modules, just simple classloader separation of jars.
- We need an interface that the plugin can implement. if there is an implementation in Grouper that does not need a plugin that is easy as well. This uses simple javabeans or java types in the interface.
- Bundle the authentication work
- Want an OSGI bundle
- Call it from another project
- Not have jars in class path of overall project
- https://spaces.at.internet2.edu/display/Grouper/Grouper+plugins+classpath+OSGI+with+Felix
- Chad: This approach will be great for provisioners, currently they multiply
- Grouper image is now large
- Chris: We will remove some provisioners for Grouper 3.0
Current Work
Vivek
- Duo roles provisioning
- Focus on administrators
- Can be in 7 roles
- Two Duo provisioners
- For less confusing configuration
- Predefined groups in Grouper
- Two groups for Duo cannot have the same role
- Can delegate based on provisioner configuration
- Chris: recent addition is person attribute resolver
- Provisioner can pull info from that
- Person attribute changes may not trigger an incremental sync
- When we add member name metadata, then these 2 provisioners will encapsulate logic of current DUO provisioner
Shilen
- Adding new columns to grouper members table
- Two more subject identifier columns and another for email address
- USDU will keep data in sync
- Shilen will update loader to use new subject identifier columns
Chris
- Grouper 3.0 DDL changes
- Grouper Data structure improvements
- https://spaces.at.internet2.edu/display/Grouper/Grouper+data+structure+improvements+v3.0
- Ideas are welcome
- More tables
- Reduce storage and memory needed for database to join things together
- We are wasting space with UUIDs etc
- Recommend don't use mysql for large deployments
- Hard to maintain a large software project
- Need to clean up some areas
- We are one or two releases behind in hibernate
- Plan to batch some create functions (create groups)
- Development effort for 3.0 could take one year
- Shilen: agree with the approach
- Hope to make the upgrade as smooth as possible
- Chris working on failsafe
Chad
- Working on Grouper Training, starts Feb 8, 2022
- Screenshots need updating
Log4J, set in Grouper source code- Has not made change in container, don’t have new tag yet
- JVM param you can put into the startup
- Will look for Log4j2 properties file first
- Then if not found, will look for existing
Issue Roundup
Jiras in past two weeks
GRP-3770
remove add members button from add members screen (just have add)
GRP-3769
provide a way to delete a person
GRP-3768
allow gsh template password entry (do not log, show as password field)
GRP-3767
bring duo users and data back to grouper (like zoom table)
GRP-3766
ldap provisioning filter should not search on same values
GRP-3765
add failsafe options for provisioning
GRP-3764
improve provisioning search attributes
GRP-3763
provisioning counts for sql do not work
GRP-3762
add failsafe options for LDAP list of groups
GRP-3761
add failsafe options for LDAP groups from attributes
GRP-3760
add failsafe options for LDAP simple jobs
GRP-3759
add failsafe options for SQL list jobs
GRP-3758
add failsafe attributes on group
GRP-3757
list failsafes in grouper daily report
GRP-3756
dont run ddl script if script if blank
GRP-3755
default mysql driver should be this if there: com.mysql.cj.jdbc.Driver
GRP-3754
add more notification options
GRP-3753
Add grouper members columns for more subject identifiers and email
GRP-3752
failsafe notifications
GRP-3751
issue provisioning diagnostics warning if reading from sync bucket but not writing to it
GRP-3750
add failsafe options for SQL simple jobs
GRP-3749
add more failsafe options for single or list jobs
GRP-3748
address the need to frequently bounce grouper container
GRP-3747
organize stem actions menu
GRP-3746
organize group actions menu
GRP-3745
move group Loader button from tab to actions
GRP-3744
add google provisioner
GRP-3743
add new privilege on stems: stemView
GRP-3742
removing inherited privileges does not remove immediate assignments correctly
GRP-3741
stem view privileges with good performance
GRP-3740
add privileges to load data script
GRP-3739
improved french translations
GRP-3738
Grouper Emails in past few weeks
- [grouper-users] Need help in connecting external ldap server, Malathi Deenadayalan, 12/24/2021
Grouper wiki updates in past two weeks
- Grouper provisioning framework
- Grouper generic provisioning configuration
- v2.6 Upgrade Instructions from v2.6
- Grouper Provisioning: PSPNG
- Grouper provisioning target DAO
- Grouper data structure improvements v3.0
- Introduction to the GDG
- Grouper plugins classpath OSGI with Felix
- GrouperShell (gsh)
- GrouperShell (gsh) ldap session (LdapSessionUtils)
- PSPNG at Penn
- Grouper loader failsafe
- Grouper loader failsafe - provisioning framework
- Grouper loader failsafe - LDAP list of groups
- Grouper loader failsafe - LDAP groups from attributes
- Grouper loader failsafe - LDAP simple
Grouper loader failsafe - SQL list of groups - Grouper developers coding standards
- Grouper Google GCP provisioner
- Grouper loader failsafe - notifications
- Web Services OpenAPI
- Grouper container documentation for v2.5
- Grouper container running on OpenShift
- How to Setup a Grouper Development Environment for Grouper v2.5
- v2.6 Release Notes
Next Grouper Call: Wed Feb 2, 2022