Subject: Grouper Developers Forum
[grouper-dev] Notes: Grouper Call of Wed. 4-Nov-2015
- From: Emily Eisbruch <>
- To: "" <>
- Subject: [grouper-dev] Notes: Grouper Call of Wed. 4-Nov-2015
- Date: Wed, 4 Nov 2015 19:00:03 +0000
- Accept-language: en-US
- Authentication-results: internet2.edu; dkim=none (message not signed) header.d=none;internet2.edu; dmarc=none action=none header.from=internet2.edu;
- Spamdiagnosticoutput: 1:0
Notes: Grouper Call of Wed. 4-Nov-2015
Attending: Tom Barton, Jim Fox, Marwan Shaher & Pregash Devasagayam (UC Boulder), Chris Hyzer, Misagh Moayyed, Shilen Patel
New Action Items
Carry Over Action items
[AI] (Bert) provide feedback on Grouper training videos (No feedback as yet. Keep open)
[AI] (Bert) will look at improvements to doc around UI Authn with CAS. It was noted that several steps are needed, hard to reproduce. (Keep open).
Chris updated the Grouper roadmap to include Google provisioning and move a few items to “whatever happened to” (done)
Chris H: To be reviewed by other team members, and to provide feedback. Functionality provided here is closely related to the actual release. Working on finishing the UI, though seems rather unlikely for 2.3. Same with PSP NG; might be too ambitious for the initial scope of 2.3. Chris AI to move uportal and KIM to move to whatever happened to, notifications (look at)
2. Current work tasks
· Chris: Duo changelog consumer, messaging changelog consumer https://spaces.internet2.edu/display/Grouper/Grouper+messaging+built+in
Work in progress. When discussing messages, we opted to design a simple messaging system specific to Grouper that can be integrated with ActiveMQ, etc. An extra table is available to manage messages, and daemons will process messages in the list. Queues and Topics are available via Grouper permissions. Create a perm resource that represents a topic, assign to a grouper subject (subjects would be systems that could authN). Would also have a WS that would publish to this messaging queue, and then we should be able to create a changelog consumer to work with this queue. Changes are discussed with Bert, DDL revised based on feedback.
Is this going to come with built-in impls?
Yes. The messaging system interface can be used as the parent contract, with a built-in ActiveMQ impl and later on we can do Azure, AWS DynamoDB, etc. There are a few constraint; ordering can be tricky wrt to transactions. Review timeout configuration; if the messaging system does not handle rejected messages it may be ignored. The implementation of the interface will need to handle rejections.
Other WIP: Duo-Grouper changelog consumer for Penn.
· Shilen: Loader
Had to use an updated version of Quartz. The new version was not compatible with HSQLDB driver, so that was updated too. Had to fix DDL Utils as well (though the project appears to be EOL/Dead) May have to patch it locally? Need the patch to align with build/deployment practices and managing dependencies.
Possible to replace DDLUtils? If the maintenance is going to require a lot of effort to patch locally, we might be able to replace (patching a dead thing is “creepy”!). Otherwise, we will need to find a strategy going forward.
Back to Quartz, if the schedules are not going to be kept in DB: we might need a new interface to manage schedules. The schedule might keep changing in the database with 2 system conflicts. Will review to do a check on startup to move scheduling settings from a config file over to the DB. Rather that keeping settings in memory, that is.
Loading attribute assignments from SOR? Another possible task to work on. Created JIRA based on feedback from John Gasper.
· Bert: PSPNG
Able to prototype of a super fast AD provisioner.
· Misagh: Building and packaging
Try to minimize changes as much as possible to make the transition smoother for all members. WIP.
· Vivek: WS
Working on permission-access. Have a PR pending. Chris will provide feedback.
3. grouperLoader a requirement to run? (if so, TODO for Chris to change documentation and reply to the list)
Grouper loader required for Grouper? Loader handles processing of “temp” functionality, i.e. cleanup. Loader provides a few convenience utils. For deployments that don’t use the changelog, not using the loader might be OK. Jim could provide specific feedback on how Loader could be used at Washington. All imports are done through the REST API, removing the need for the loader.
4. Issue roundup
· Patch for Tim Darby for NPE (done)
· Shilen created Jira for Prevent renaming/moving of groups (done)
· WS subject attribute requested vs default subject names. Append to the list (Can specify which subject attributes are returned from WS. Opt-in requests are also possible.)
· Managing memberships that automatically expire (do it via a rule)
· Privileges around creating, managing, and assigning attributes · Loader and threads (loader has config parameter that can control threads via hints. Enhancements available in 2.2.x that help with thread config and performance.)
· Loader with groups as members (TODO Chris add to wiki)
· Brigitte email from 10/23 needs followup (bulk sync)? If so, then TODO for Bert
· Francesco with JDBC source (New driver was suggested. TODO Chris to followup)
· Jeffrey Crawford folder profiles where user in only one group (hook to create later. Used with a single assignable attribute to a user that cannot be duplicated in different orgs)
· Performance of large group adds and change log (was an idea. not anymore)
· Setting group attributes via loader (new jira)
· Changing subject id of subject (memberChangeSubject function sufficient)
· Grouper and tomcat versions (TODO for Chris to look it)
· Multiple “connected” instances of Grouper
· grouperLoader a requirement to run?
· attributeValue change event vs remove/add (have UI/WS does a remove/add when event is published to changelog. Brown wants just a single update)
· grouper LDAP issues
· upgrade WS/UI and the webapp dir (make sure the compiled webapp directory is used)
5. AD grouper loader
6. AI review
Next Grouper Call: Wed. Nov. 18, 2015 at noon ET
Emily Eisbruch, Work Group Lead, Trust and Identity
office: +1-734-352-4996 | mobile +1-734-730-5749
- [grouper-dev] Notes: Grouper Call of Wed. 4-Nov-2015, Emily Eisbruch, 11/04/2015
Archive powered by MHonArc 2.6.16.