Grouper Call of Aug. 31, 2022

Attending 

  • Chris Hyzer, Penn, Chair
  • Shilen Patel, Duke
  • Vivek Sachdiva, independent  
  • Chad Redmon, UNC
  • Carey Matt Black, Purdue
  • JJ, Unicon
  • Drew Aschenbrener, Internet2
  • Jeremiah Haywood and Ben Raplayea, Illinois State U
  • Emily Eisbruch, Internet2


New Action Items from this call

  • Shilen - Write a script that takes a source ID and deletes the member rows and references to those member rows. Include a note warning of the consequences of running this script.
  • Chad - Add link to Dependency Check report on Build steps page.
  • Chris - Verify Postgres driver version; this is related to GRP-4322
    Bump postgresql from 42.4.0 to 42.4.1 in /grouper-parent #189

DISCUSSION

 Administrivia

Grouper Training


MidPoint Grouper integration

  • Meetings have been held this week
  • Decision to go in database direction
  • Will discuss later in call


Current Work


Vivek 

  • GSH template: there was an error in a dropdown with numeric fields; Vivek fixed it
  • Changed Clear Cache button: only cache buckets are cleared instead of the whole row, including incremental sync
  • Client secret issue
  • Provisioning issue: if you delete from the Grouper side and recreate with the same name within a week, Grouper gets confused. Important fix
    GRP-4303
    problem deleting and recreating group in azure
  • GRP-4316
    add member web service should remove enabled/disabled dates if already there

  • Vivek is working on Azure APIs, trying to use batch APIs to make them faster
  • Azure provisioner is considered slow
  • You can batch APIs together in Azure
  • You can take disparate Azure web service calls and put them together, 20 at a time, into one web service call
  • You can put dependencies on them; they will run and you get JSON responses
  • You get a status for each one
  • It’s like a reverse proxy.
  • Take the DAO for Azure, make singular plural and use batches
  • Idea of adding threading to provisioning framework
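
An added illustration of the batching described above (not Grouper's code), assuming the batch API meant is Microsoft Graph JSON batching: requests are packed 20 per payload, dependent requests stay in the same payload, and each per-request status is matched back by id. GROUP-ID, USER-ID and the request ids are constructed placeholders.

```python
MAX_BATCH = 20  # requests per batch call, as noted in the minutes

def build_batches(units, size=MAX_BATCH):
    """Pack units (lists of requests linked by dependsOn) into batch
    payloads of at most `size` requests, never splitting a unit."""
    batches, current = [], []
    for unit in units:
        if len(unit) > size:
            raise ValueError("dependency chain does not fit in one batch")
        if len(current) + len(unit) > size:
            batches.append({"requests": current})
            current = []
        for req in unit:
            req = dict(req)
            if "body" in req:  # requests with a body need a content type
                req.setdefault("headers", {"Content-Type": "application/json"})
            current.append(req)
    if current:
        batches.append({"requests": current})
    return batches

def triage(payload, response):
    """Match each per-request status back to its request by id."""
    by_id = {r["id"]: r["status"] for r in response["responses"]}
    out = {"ok": [], "retry": [], "blocked": [], "failed": [], "missing": []}
    for req in payload["requests"]:
        status = by_id.get(req["id"])
        if status is None:
            out["missing"].append(req["id"])   # never assume success
        elif 200 <= status < 300:
            out["ok"].append(req["id"])
        elif status == 424:
            out["blocked"].append(req["id"])   # a dependsOn request failed
        elif status == 429 or status >= 500:
            out["retry"].append(req["id"])     # throttled or transient
        else:
            out["failed"].append(req["id"])
    return out

def sample_units():
    """Constructed input: 19 independent member adds plus one dependent pair."""
    ref = {"@odata.id": "https://graph.microsoft.com/v1.0/directoryObjects/USER-ID"}
    adds = [[{"id": f"m{i}", "method": "POST",
              "url": "/groups/GROUP-ID/members/$ref", "body": ref}]
            for i in range(19)]
    pair = [{"id": "g1", "method": "PATCH", "url": "/groups/GROUP-ID",
             "body": {"description": "constructed"}},
            {"id": "g1-add", "method": "POST", "dependsOn": ["g1"],
             "url": "/groups/GROUP-ID/members/$ref", "body": ref}]
    return adds + [pair]
```

Each payload would be POSTed to the Graph `$batch` endpoint. A provisioner should act on the `blocked`, `failed` and `missing` lists rather than treat an HTTP 200 on the batch call itself as success for every member change.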

Shilen

  • Fix to bad membership finder
  • Issue: when a composite group is disabled, it will still try to adjust memberships for it; fixed now
  • Upgrading Hibernate to the latest version compatible with Java 8
  • In a separate branch now; will merge into the 2.6 branch after the next release and do additional testing
  • Will work on other bug fixes

Hibernate

  • In Grouper 2.7 and 3.0, should we upgrade Hibernate to something not backward compatible? Or move away from Hibernate?
  • Carey: What about reducing support on other databases? Might be good to have fewer things to focus on.
  • Chris: We are down to 3
  • Building the DDL up from scratch should make it easier for all 3 databases to compute and lead to fewer performance issues
  • Shilen: maybe we should strongly recommend Postgres
  • Chris: we have complicated queries
  • In Grouper 3.0 we will simplify, and we are hoping these 3 databases will all perform well and we won’t have to worry.
  • We have lessons learned, like don’t put views on top of views
  • After we release Grouper 3.0, we can revisit

Member table when you remove a subject source?

    • Subjects moved from one source to another?
    • Yes, moved from a PeopleSoft view to a separate table out of midPoint
    • ChrisH: Source ID doesn’t matter, this is the type of users
    • Provide a GSH script to select from members table and do member delete
    • AI Shilen: Write a script that takes a source ID and deletes the member rows and references to those member rows. Include a note warning of the consequences of running this script.


Chad

  • OWASP has a scanner to look for vulnerabilities in dependencies. New report under project reports: Dependency Check report. See after Sept 3
  • AI Chad: Add link to Dependency Check report on Build steps page.
  • Links to Javadoc are hard to find
  • Chris: Grouper 2.6.16 release is coming up
  • We will need to backport some things

  • Maven build used to run unit tests; could take 5 hours for a commit
  • Chad had changed Maven config to skip tests
  • Now made that a parameter
  • GRP-4253
  • https://todos.internet2.edu/browse/GRP-4253
  • Need a translation script
  • Bug fix for stem finder

  • Working on Grouper Training, coming up in a few weeks
  • Don’t need a new release for training


Docker File and Container 

  • Long and medium term plan for Grouper container
  • https://spaces.at.internet2.edu/pages/viewpage.action?pageId=243073606
  • Change from CentOS to Rocky Linux for Grouper 2.7
  • Will have CentOS in parallel
  • To be released by Tech Ex, December 2022
  • Michael G is leading the charge on Rocky Linux.
  • Rocky Linux is more lightweight and more stable
  • Will change process for container
  • More of Docker recommended architecture


Chris


Membership Requirements

  • Grouper membership eligibility requirements
  • To enforce membership eligibility, you can use a composite, rules, JEXL scripted groups, or you can use this new feature. You can link an attribute with an eligibility group so that immediate memberships (not effective, composite, loaded) will be vetoed or removed when users are no longer eligible.
  • For manual groups
  • Suggestion to change to architecture of rules.
  • People want a rules UI
  • Want an easy way for coarse-grained eligibility requirements
  • People using this might not know what group to use
  • Eligibility requirement
  • Attribute that’s a marker on folder or group
  • Allow certain people to assign that attribute
  • Concept of power user, potentially
  • Have a config to link that attribute to that eligibility group
  • From Grouper edit screen, clone capability to folder edit screen
  • New table to store when a module has removed members
  • Can have a report on that table, or have a GSH script to reinstate if removed in error
  • Name Value Pairs, email the managers, here is a grace period, etc.
  • Add a type for exclude groups
  • Chad: this approach can address issues he had in the past
  • Shilen: question around checking multiples
  • And / Or options
  • Please think about this as an improvement, but not the end state
  • Experimental step towards something more full featured
  • All rules around eligibility should not be needed after this is developed
  • Majority of rules are around eligibility
  • Shilen: Reference groups get complicated; Hard to describe them in 3 or 4 words
  • Link to reference group
  • Description on the edit group, can have tool tip or a link
  • When we make this its own UI, things will be clearer
  • In the wiki, explain this is coarse-grained, remember issues around temps, people on leave, etc.


Matt: 

  • Two different features rolled into one. Perhaps divide them
  • One concept is the limitation on being able to add people
  • The other: when criteria change over time, they get deprovisioned from the group
  • It’s a separate process
  • We have a deprovisioning process in Grouper
  • So the focus of the feature should be to enhance the limit on add
  • That is what is not there
  • Is Bob eligible to be added at this time?
  • Chris: assuming add and remove criteria is same
  • Matt: Perhaps can only be in group for 24 hours


Issue Roundup 


Jiras in past two weeks


Grouper Emails in past two weeks

      none

Grouper wiki updates in past two weeks


Next Grouper Call: Wed.,  Sept. 14, 2022 at 11:30am ET
