Grouper Call of July 20, 2022
Attending
- Chris Hyzer, Penn, Chair
- Chad Redmon, UNC
- Shilen Patel, Duke
- JJ, Unicon
- Carey Matt Black, Purdue
- Chris Hubing, Internet2
- Drew Aschenbrener, Internet2
- Emily Eisbruch, Internet2
DISCUSSION
- Agenda bash
Announcement today: Grouper release 2.6.10 - as of July 20, 2022
Work Items
Vivek and Chris - Provisioning work
- Testing of provisioning framework, making corrections
- we are constrained to some extent by how wizard works, to facilitate UI configuration
- Every section has clickable link at top, for metadata, diagnostics, etc.
- New LDAP patterns
- GRP-4165 each wizard section could have "back to top" link
- Updating cache , fix made
- Foreign key issues are being fixed, SQL, Azure and Duo
- calling of unit tests is now through the daemon module
- Next steps include:
- UI, add anchors
- Object class attribute getting changed in target - Chris will follow up
- Object caching
Shilen
- If there is a change to someone's subject identifier or other attribute, put on table and sync it to Grouper quickly
- UMICH wants unresolvable subjects to be handled.
- Becomes a real time USDU daemon
- Unresolvable Subject Deletion Utility (USDU)
- Looking at provisioning
- Test cases
- If it is seen as unresolvable and adds USDU attribute on the member….. This is an attribute framework issue.
- Should there be some locking?
- If same sync process, they lock on each other and get entries in the sync table
- USDU can sometimes take 2 hours to run
- Do we want incremental to not run for a few hours?
- Fix locking issue on attribute framework side
- Race conditions
- Shilen recommends not do locking
- Fix on attribute framework side
- Or have existing cleanup process handle it, that checks for multi assigns
- Shilen will make sure no duplicate USDU attributes
- GRP-4166 Attribute framework should use database constraints to ensure single assign attributes aren't multi assigned
Chris
- Ideal state for diagnostics is
- You hit run and get quick answer if provisioning is set up right
- Now you have to configure provisioner and many more steps and then do diagnostics
- Provisioning workflows: Full, incremental and diagnostics
- Will work on demo movies
Chad
- Friday is Chad’s last day at UNC
- Chad will be working for Unicon as of Aug. 8
- Congratulations Chad!
- Chad will still work on the Grouper Project, including Grouper training
- Next Grouper Training is September 27 – 30, 2022\
MIsc
- Chris Hubing will look at Confluence queries question from Chris Hyzer
- Discussion of Internet2 and postgress or arora, question from Chris Hubing
- Arora may be the future
Emily
TECHEX Dec 5-9 in Denver: CALL FOR WORKING MEETINGS OPEN THROUGH AUGUST 30,
A1 Emily submit a request for Grouper BOF at Tech Ex
- Grouper documentation improvements
- Working on this, Emily and Chris started discussion
- These are Deadlines for blogs for Trust and Identity Newsletters
Issue Roundup
Jiras in past two weeks
- GRP-4164
add auditWs to grouper client help text
GRP-4163
taglib errors in WS
GRP-4162
chained SubjectFinder with subject identifier querying it as subject id
GRP-4161
GroupAnyAttributeFilter() matches partial group names as well as attribute values
GRP-4160
if a group is not provisionable and there is a default value for the membership attribute it is not getting applied correctly
GRP-4159
Grouper validation: enable / disable dates
GRP-4158
validate provisioning azure (and others) that required fields are configured for various CRUD
GRP-4157
call daemon job (that generates loader log) from provisioning unit tests
GRP-4156
fix provisioning start with add daemons so default works and works when editing daemon instead of just inserting
GRP-4155
delete from grouper_loader_log on unit tests
GRP-4154
add more documentation for LDAP provisioning start with
GRP-4153
add clickable description in Grouper UI configuration wizard
GRP-4152
Allow assignments only on group
GRP-4151
dn override "start with"
GRP-4150
Export of loader job won't import
GRP-4149
jexl scripted group brings in privileges
GRP-4148
changing grouper password doesnt encrypt
GRP-4147
dont fail provisioning if there are subject problems (e.g. resolution)
GRP-4145
provisioning membership foreign key blank gives issues
Grouper Emails in past two weeks
- [grouper-users] CHANGE_LOG_changeLogTempToChangeLog error: Duplicate entry for key grouper_change_log_entry.PRIMARY, Baron Fujimoto, 07/15/2022
- Re: [grouper-users] CHANGE_LOG_changeLogTempToChangeLog error: Duplicate entry for key grouper_change_log_entry.PRIMARY, Baron Fujimoto, 07/19/2022
Grouper wiki updates in past two weeks