Attending 

• Chris Hyzer, Penn, Chair
• Vivek Sachdiva, independent  
• Chad Redmon, UNC
• Carey Matt Black, Purdue
• JJ, Unicon
• Chris Hubing, Internet2
• Drew Aschenbrener, Internet2
• Emily Eisbruch, Internet2

DISCUSSION

 Administrivia

•  Internet2 Intellectual Property Policy
• Review AIs  Grouper Project Action Items (Google Doc)
•  Agenda Bash

Training

• Grouper Training coming up Sept 27-30, 2022  https://incommon.org/academy/grouper-school/

Grouper Release

• Grouper   v2.6.15 was released.  
• https://spaces.at.internet2.edu/display/Grouper/v2.6+Release+Notes
• Chris created an Azure provisioning demo video  
• https://youtu.be/abTkJVBMr1M
• Several campuses have working Azure provisioners
• New release has improvements to provisioning, particularly Azure.   
• Azure: not selecting ALL in a full, is a special case
• Can be time consuming

Next tasks for provisioning

• Object caching for subjects and target objects
• Handle this in Start Withs
• Touch up doc for start withs
• Work on attribute framework

Rules Issue:

• https://spaces.at.internet2.edu/display/Grouper/Grouper+rules
• A rules issue was found;  Chris will work to fix it.  
• Suggestion: have ACT AS for all the controls
• actAs: subject that the rule will act as.  If blank, then it will be filled in with the user who created the rule (probably a bad idea since the person might leave at some point, unless it is a service principal).  There can be configurations in the grouper.properties (details) which allow users to act as other users or GrouperSysAdmin.
• Can have a GSH script to make that happen
• Will require another Grouper release

Current Work

Vivek

• Working on Provisioning and Jiras
• GRP-4217 add button to UI to remove sync data and/or cache dat
• Carey raised question on Auditing issues
• GRP-4299 : Provisioning Framework should produce "Audit data" about what it does to external systems.
• https://todos.internet2.edu/browse/GRP-4298 (new jira for vivek)

Chris  

• Provisioning framework changes
• Azure sometimes need to look up a group
• Full sync will get all groups and members…. 
• Where objects are stored in java
• Logic could be confusing
• Removed a bunch of stuff so data stored in provisioning class
• Using wrappers with pointers to targets
• Improved data model
  
  
• Worked on various Jiras
• Test environment issues
• Unicon can help with testing, assign jiras to JJ
• Unicon doing testing in spok and jeb frameworks
• More info showing in daemon logs, don’t need to go to container logs and splunk
• JSON is easier for splunk
  
  
• Multiple search attributes (matching fields)  in provisioning,
• Chris created an Azure provisioning demo video  
• https://youtu.be/abTkJVBMr1M
  
  
• Meeting today to talk about how the container works, with chris Hyzer ,Chad, J Gasper, M. Gettes, Chris Hubing
• Openshift issues

• InCommon Looking at moving off CentOS, 
• ShibD, Arm
• Distroless
• Idea: Docker file from Shib, copy container file, run shell script, do CHMOD
• During build time
• Won't work for openshift

Chad

• Looking at JIRA around LDAP DN copying from CN field
• Copy translation as well as grouper fields

Issue Roundup 

Jiras in past two weeks

GRP-4296

gsh template drop down should be able to accept non string columns

• GRP-4295
  run rule if condition as grouper system
  
  
  
• 
  GRP-4294
  Cache name already in use: 'grouperProvisioningTargetsCache'
  
  
  
• 
  GRP-4293
  refactor provisioning framework data model to simplify and reduce errors
  
  
  
• 
  GRP-4292
  provisioning azure membership paging size should be 999
  
  
  
• 
  GRP-4291
  add ability to delete azure users in provisioning dao
  
  
  
• 
  GRP-4290
  metadata was azureGroupType but attribute is groupType
  
  
  
• 
  GRP-4289
  azure is doing extraneous updates on groups
  
  
  
• 
  GRP-4288
  implement "select all groups" = false to speed up provisioners where not need all target groups
  
  
  
• 
  GRP-4287
  should only have one daemon per provisioner...
  
  
  
• 
  GRP-4286
  provisioning entity cache fields not set on readonly provisioner
  
  
  
• 
  GRP-4285
  azure provisioner groups should default to mail enabled false and security enabled true
  
  
  
• 
  GRP-4284
  azure provisioner only reads 100 groups
  
  
  
• 
  GRP-4283
  azure provisioner cannot search by userPrincipalName
  
  
  
• 
  GRP-4282
  azure provisioner only reads 100 users on full sync
  
  
  
• 
  GRP-4281
  Grouper Report - ad last_index_reserved to OVERALL
  
  
  
• 
  GRP-4280
  integrate with google analytics
  
  
  
• 
  GRP-4279
  Various fixes for Azure provisioner
  
  
  
• 
  GRP-4278
  Various fixes to Google provisioner
  
  
  
• 
  GRP-4277
  provisioning add command logs to daemon log
  
  
  
• 
  GRP-4276
  provisioning add all errors to daemon log
  
  
  
• 
  GRP-4275
  do not allow a new provisioner to have the same config id as existing provisioner
  
  
  
• 
  GRP-4274
  add provisioning "debug object logs" to daemon DB log able to be accessed from UI
  
  
  
• 
  GRP-4273
  exception can be masked in provisioner
  
  
  
• 
  GRP-4272
  provisioning clear target cache when inserting/deleting objects
  
  
  
• 
  GRP-4271
  improve subject link in provisioner
  
  
  
• 
  GRP-4270
  show subject attribute names on UI in subject view
  
  
  
• 
  GRP-4269
  ws.diagnostics.minutesSinceLastSuccess improvement
  
  
  
• 
  GRP-4268
  allow ldap provisioner to search for entities by dn
  
  
  
• 
  GRP-4267
  allow ldap provisioner to search by multiple attributes
  
  
  
• 
  GRP-4266
  add provisioning membership delete setting to only delete memberships that grouper has tracked
  
  
  
• 
  GRP-4265
  remove individual search filter from ldap provisioning framework
  
  
  
• 
  GRP-4264
  provisioning azure, if there is a metadata attribute with no translation, auto translate it
  
  
  
• 
  GRP-4263
  provisioning azure, if there is a metadata, and no corresponding attribute, it should be auto created
  
  
  
• 
  GRP-4262
  azure dao should searach for entities by configured search attribute(s)
  
  
  
• 
  GRP-4261
  change ui text for Member from id2 and Grouper from id2 to cache index
  
  
  
• 
  GRP-4260
  fix ui screen label for gsh template folderUuidToShow
  
  
  
• 
  GRP-4259
  provisioning allow native group object to be passed back by dao
  
  
  
• 
  GRP-4258
  provisioning dao adapter on search should match result objects if possible
  
  
  
• 
  GRP-4257
  on provisioning main configuration page, label for default of add daemon says false but should say true
  
  
  
• 
  GRP-4256
  provisioning change in cached entity DN in group attributes error retry
  
  
  
• 
  GRP-4255
  DNE does not work when readonly provisioning for entities that do not exist in target
  
  
  
• 
  GRP-4254
  refactor registerRetrievedEntities and registerRetrievedGroups for multiple search attributes and cached values
  
  
  
• 
  GRP-4253
  ldap provisioner: starts with: flat provisioning, name: flatReverseNameLimit64 - fail
  
  
  
• 
  GRP-4252
  provisioning: delete sync objects that are deleted and are the same as new sync objects
  
  
  
• 
  GRP-4251
  entity recalc by message not working

Grouper Emails in past two weeks

• [grouper-users] Community contribution page | Princeton University, Jason B. Rappaport, 08/03/2022

Grouper wiki updates in past two weeks

• Grouper Azure provisioner (new provisioning framework)

• v2.6 Release Notes

• Grouper container documentation for v2.5

• Grouper provisioning internal object model and technical design

• Grouper provisioning framework

• v2.6 Upgrade Instructions from v2.6

• Release steps for new container build

• DDL in Grouper v2.5+

• Grouper provisioning in UI

• Grouper provisioning configuration scaffolding (start with)

• Grouper provisioner framework tasks