Attending
- Chris Hyzer, Penn, Chair
- Vivek Sachdiva, independent
- Chad Redmon, UNC
- Carey Matt Black, Purdue
- JJ, Unicon
- Chris Hubing, Internet2
- Drew Aschenbrener, Internet2
- Emily Eisbruch, Internet2
DISCUSSION
Administrivia
- Internet2 Intellectual Property Policy
- Review AIs: Grouper Project Action Items (Google Doc)
- Agenda Bash
Training
- Grouper Training coming up Sept 27-30, 2022 https://incommon.org/academy/grouper-school/
Grouper Release
- Grouper v2.6.15 was released.
- https://spaces.at.internet2.edu/display/Grouper/v2.6+Release+Notes
- Chris created an Azure provisioning demo video
- https://youtu.be/abTkJVBMr1M
- Several campuses have working Azure provisioners
- New release has improvements to provisioning, particularly Azure.
- Azure: not selecting ALL in a full sync is a special case
- Can be time consuming
Next tasks for provisioning
- Object caching for subjects and target objects
- Handle this in Start Withs
- Touch up doc for start withs
- Work on attribute framework
Rules Issue:
- https://spaces.at.internet2.edu/display/Grouper/Grouper+rules
- A rules issue was found; Chris will work to fix it.
- Suggestion: have ACT AS for all the controls
- actAs: subject that the rule will act as. If blank, then it will be filled in with the user who created the rule (probably a bad idea since the person might leave at some point, unless it is a service principal). There can be configurations in the grouper.properties (details) which allow users to act as other users or GrouperSysAdmin.
- Can have a GSH script to make that happen
- Will require another Grouper release
Current Work
Vivek
- Working on Provisioning and Jiras
- GRP-4217 add button to UI to remove sync data and/or cache data
- Carey raised question on Auditing issues
- GRP-4299: Provisioning Framework should produce "Audit data" about what it does to external systems.
- https://todos.internet2.edu/browse/GRP-4298 (new jira for vivek)
Chris
- Provisioning framework changes
- Azure sometimes needs to look up a group
- Full sync will get all groups and members….
- Where objects are stored in java
- Logic could be confusing
- Removed a bunch of stuff so data stored in provisioning class
- Using wrappers with pointers to targets
- Improved data model
- Worked on various Jiras
- Test environment issues
- Unicon can help with testing, assign jiras to JJ
- Unicon doing testing in Spock and Geb frameworks
- More info showing in daemon logs; don’t need to go to container logs and Splunk
- JSON is easier for Splunk
- Multiple search attributes (matching fields) in provisioning
- Meeting today to talk about how the container works, with Chris Hyzer, Chad, J Gasper, M. Gettes, Chris Hubing
- OpenShift issues
- InCommon looking at moving off CentOS
- ShibD, Arm
- Distroless
- Idea: Dockerfile from Shib, copy container file, run shell script, do chmod
- During build time
- Won't work for OpenShift
Chad
- Looking at JIRA around LDAP DN copying from CN field
- Copy translation as well as grouper fields
Issue Roundup
Jiras in past two weeks
gsh template drop down should be able to accept non string columns
- GRP-4295
run rule if condition as grouper system
GRP-4294
Cache name already in use: 'grouperProvisioningTargetsCache'
GRP-4293
refactor provisioning framework data model to simplify and reduce errors
GRP-4292
provisioning azure membership paging size should be 999
GRP-4291
add ability to delete azure users in provisioning dao
GRP-4290
metadata was azureGroupType but attribute is groupType
GRP-4289
azure is doing extraneous updates on groups
GRP-4288
implement "select all groups" = false to speed up provisioners where not need all target groups
GRP-4287
should only have one daemon per provisioner...
GRP-4286
provisioning entity cache fields not set on readonly provisioner
GRP-4285
azure provisioner groups should default to mail enabled false and security enabled true
GRP-4284
azure provisioner only reads 100 groups
GRP-4283
azure provisioner cannot search by userPrincipalName
GRP-4282
azure provisioner only reads 100 users on full sync
GRP-4281
Grouper Report - add last_index_reserved to OVERALL
GRP-4280
integrate with google analytics
GRP-4279
Various fixes for Azure provisioner
GRP-4278
Various fixes to Google provisioner
GRP-4277
provisioning add command logs to daemon log
GRP-4276
provisioning add all errors to daemon log
GRP-4275
do not allow a new provisioner to have the same config id as existing provisioner
GRP-4274
add provisioning "debug object logs" to daemon DB log able to be accessed from UI
GRP-4273
exception can be masked in provisioner
GRP-4272
provisioning clear target cache when inserting/deleting objects
GRP-4271
improve subject link in provisioner
GRP-4270
show subject attribute names on UI in subject view
GRP-4269
ws.diagnostics.minutesSinceLastSuccess improvement
GRP-4268
allow ldap provisioner to search for entities by dn
GRP-4267
allow ldap provisioner to search by multiple attributes
GRP-4266
add provisioning membership delete setting to only delete memberships that grouper has tracked
GRP-4265
remove individual search filter from ldap provisioning framework
GRP-4264
provisioning azure, if there is a metadata attribute with no translation, auto translate it
GRP-4263
provisioning azure, if there is a metadata, and no corresponding attribute, it should be auto created
GRP-4262
azure dao should search for entities by configured search attribute(s)
GRP-4261
change ui text for Member from id2 and Grouper from id2 to cache index
GRP-4260
fix ui screen label for gsh template folderUuidToShow
GRP-4259
provisioning allow native group object to be passed back by dao
GRP-4258
provisioning dao adapter on search should match result objects if possible
GRP-4257
on provisioning main configuration page, label for default of add daemon says false but should say true
GRP-4256
provisioning change in cached entity DN in group attributes error retry
GRP-4255
DNE does not work when readonly provisioning for entities that do not exist in target
GRP-4254
refactor registerRetrievedEntities and registerRetrievedGroups for multiple search attributes and cached values
GRP-4253
ldap provisioner: starts with: flat provisioning, name: flatReverseNameLimit64 - fail
GRP-4252
provisioning: delete sync objects that are deleted and are the same as new sync objects
GRP-4251
entity recalc by message not working
Grouper Emails in past two weeks
- [grouper-users] Community contribution page | Princeton University, Jason B. Rappaport, 08/03/2022
Grouper wiki updates in past two weeks