Grouper Call of July 20, 2022 

Attending 

• Chris Hyzer, Penn, Chair
• Chad Redmon, UNC
•  Shilen Patel, Duke
• JJ, Unicon
• Carey Matt Black, Purdue
• Chris Hubing, Internet2
• Drew Aschenbrener, Internet2
• Emily Eisbruch, Internet2

DISCUSSION

•  Internet2 Intellectual Property Policy
  
• Review AIs  Grouper Project Action Items (Google Doc)

• Agenda bash
  

Announcement today: Grouper release 2.6.10 - as of  July 20, 2022

Work Items

Vivek and Chris - Provisioning work

• Testing of provisioning framework, making corrections
•   we are constrained to some extent by how wizard works, to facilitate UI configuration
• Every section has clickable link at top, for metadata, diagnostics, etc.
• New LDAP patterns
• GRP-4165  each wizard section could have "back to top" link
• Updating cache , fix made
• Foreign key issues are being fixed, SQL, Azure and Duo
• calling of unit tests is now through the daemon module
• Next steps include:
•    UI, add anchors 
•    Object class attribute getting changed in target - Chris will follow up
•    Object caching

Shilen

Subject change daemon

• If there is a  change to someone's subject identifier or other attribute, put on table and sync it to Grouper quickly
• UMICH wants unresolvable subjects to be handled.
• Becomes a real time USDU daemon
•   Unresolvable Subject Deletion Utility (USDU)
•  
• Looking at provisioning
• Test cases
• If it is seen as unresolvable and adds USDU attribute on the member….. This is an attribute framework issue. 
• Should there be some locking?
• If same sync process, they lock on each other and get entries in the sync table
• USDU can sometimes take 2 hours to run
•     Do we want incremental to not run for a few hours?
• Fix locking issue on attribute framework side
• Race conditions
• Shilen recommends not do locking 
• Fix on attribute framework side
• Or have existing cleanup process handle it, that checks for multi assigns
• Shilen will make sure no duplicate USDU attributes
• GRP-4166  Attribute framework should use database constraints to ensure single assign attributes aren't multi assigned

Chris

• Ideal state for diagnostics is
•      You hit run and get quick answer if provisioning is set up right
• Now you have to configure provisioner and many more steps and then do diagnostics
• Provisioning workflows: Full, incremental and diagnostics
• Will work on demo movies

Chad

• Friday is Chad’s last day at UNC
• Chad will be working for Unicon as of Aug. 8
• Congratulations Chad!
• Chad will still work on the Grouper Project, including Grouper training
• Next Grouper Training is September 27 – 30, 2022\

MIsc

• Chris Hubing will look at Confluence queries question from Chris Hyzer
• Discussion of Internet2 and postgress or arora, question from Chris Hubing
• Arora may be the future

Emily

• TECHEX Dec 5-9 in Denver: CALL FOR WORKING MEETINGS OPEN THROUGH AUGUST 30,

  • A1 Emily submit a request for Grouper BOF at Tech Ex

• Grouper documentation improvements
•        Working on this, Emily and Chris started discussion
• These are Deadlines for blogs for Trust and Identity Newsletters

Issue Roundup 

Jiras in past two weeks

• GRP-4164
  add auditWs to grouper client help text
  
  
  
• 
  GRP-4163
  taglib errors in WS
  
  
  
• 
  GRP-4162
  chained SubjectFinder with subject identifier querying it as subject id
  
  
  
• 
  GRP-4161
  GroupAnyAttributeFilter() matches partial group names as well as attribute values
  
  
  
• 
  GRP-4160
  if a group is not provisionable and there is a default value for the membership attribute it is not getting applied correctly
  
  
  
• 
  GRP-4159
  Grouper validation: enable / disable dates
  
  
  
• 
  GRP-4158
  validate provisioning azure (and others) that required fields are configured for various CRUD
  
  
  
• 
  GRP-4157
  call daemon job (that generates loader log) from provisioning unit tests
  
  
  
• 
  GRP-4156
  fix provisioning start with add daemons so default works and works when editing daemon instead of just inserting
  
  
  
• 
  GRP-4155
  delete from grouper_loader_log on unit tests
  
  
  
• 
  GRP-4154
  add more documentation for LDAP provisioning start with
  
  
  
• 
  GRP-4153
  add clickable description in Grouper UI configuration wizard
  
  
  
• 
  GRP-4152
  Allow assignments only on group
  
  
  
• 
  GRP-4151
  dn override "start with"
  
  
  
• 
  GRP-4150
  Export of loader job won't import
  
  
  
• 
  GRP-4149
  jexl scripted group brings in privileges
  
  
  
• 
  GRP-4148
  changing grouper password doesnt encrypt
  
  
  
• 
  GRP-4147
  dont fail provisioning if there are subject problems (e.g. resolution)
  
  
  
• 
  GRP-4145
  provisioning membership foreign key blank gives issues
  
  
  

Grouper Emails in past two weeks

• [grouper-users] CHANGE_LOG_changeLogTempToChangeLog error: Duplicate entry for key grouper_change_log_entry.PRIMARY, Baron Fujimoto, 07/15/2022

• Re: [grouper-users] CHANGE_LOG_changeLogTempToChangeLog error: Duplicate entry for key grouper_change_log_entry.PRIMARY, Baron Fujimoto, 07/19/2022

Grouper wiki updates in past two weeks

• Grouper Messaging with ActiveMQ

• Subject change daemon

• Grouper rules use case - Veto if too many members

• Grouper rules use case - Email notification on flattened membership add to group

• v2.6 Release Notes