Grouper Users - Open Discussion List

["Bee-Lindgren, Bert A" <>]

Sean,

Thank you for your observations and code. This particular improvement is right on and the next one (group-selection criteria) are fixed in master and are being packaged into a delivered patch that I'm working to validate as soon as I can. In the (short) meantime, it might be best for you to work from the master branch.

Thanks again,

  Bert

---

From: <> on behalf of Sean Mason <>
Sent: Thursday, June 16, 2016 10:23 AM
To:
Subject: [grouper-users] Possible PSPNG and the default groupSelectionExpression

 

Hi There,

 

I’ve traced through the PSPNG source and noticed that my defined to_provision group attributes was not being populated for the Jexl groupSelectionExpression, which pointed me at PspUtils.getGroupAttributes(Group group).

 

The method in PspUtils.java had a call to a deprecated method “group.getAttributesMap(false)” with a note by the author that says:

“    // Perhaps this should start with something like

    // an iteration over group.getAttributeDelegate().getAttributeAssigns()”

 

Modifying the original using that suggestion leads to success in my environment when using the to_provision attribute on a group with a value matching the configuration name (In my case “pspng_nexus”).  The method now looks like:

 

  public static Map<String, Object> getGroupAttributes(Group group) {

    Logger LOG = LoggerFactory.getLogger(String.format("%s.%s", PspUtils.class.getName(), "PspUtils"));     

    Map<String, Object> result = new HashMap<String, Object>();

 

    Set<AttributeAssign> assigns = group.getAttributeDelegate().getAttributeAssigns();

   

    if (assigns != null) {

        Iterator<AttributeAssign> attributeAssigns = assigns.iterator();

        while (attributeAssigns.hasNext()) {

            AttributeAssign assign = attributeAssigns.next();

            LOG.debug("attributeMap assigns attribute: {}", assign.getAttributeDefName());

 

            AttributeAssignValueDelegate assignDelegate = assign.getValueDelegate();

            Set<AttributeAssignValue> values = assignDelegate.getAttributeAssignValues();

 

            Iterator<AttributeAssignValue> attrValues = values.iterator();

            while (attrValues.hasNext()) {

                AttributeAssignValue value = attrValues.next();

                LOG.debug("attributeMap assigns attribute: {} with value {}", assign.getAttributeDefName(), value.getValueString());

                result.put(assign.getAttributeDefName().getName(), value.getValueString());

            }

        }

    }

   

    return result;

  }

 

I’ve attached the modified source file for the project team to examine, as I know just enough to be dangerous, and this may not be an optimal, or completely effective solution for all cases.

 

Now that this is working for me, I have noticed PSPNG creates more groups than it needs when examining them.  I’ve noticed a number of calls to LdapGroupProvisioner.createGroup(GrouperGroupInfo groupInfo) without checking if the group meets the groupSelectionExpression.  I will attempt see if I can resolve that issue next.

 

Thanks,

Sean.