Grouper Users - Open Discussion List

[Olivier Salaün <>]

For the records, here is a GSH script that does the cleanup:

#!/bin/env gsh.sh

GrouperSession grouperSession = GrouperSession.startRootSession()
ruleEngine = RuleEngine.ruleEngine();
for (RuleDefinition ruleDefinition : ruleEngine.getRuleDefinitions()) {
    groupId = ruleDefinition.getThen().getThenEnumArg0().split(" :::: ")[1];
    try {
        group = GroupFinder.findByUuid(grouperSession, groupId);
    }catch (e) {
        id = ruleDefinition.attributeAssignType.getId();
        println("Removing rule " + id + " referring to group " + groupId;
        AttributeAssign attributeAssign = AttributeAssignFinder.findById(id, true);
        attributeAssign.delete();       
    };
}

Le 15/01/2020 à 12:04, Olivier Salaün a écrit :

Thank you for the trick, Chris. It works to get rid of the buggy rules.

In the meanwhile, I tried to perform the same in GSH using :

GrouperSession grouperSession = GrouperSession.startRootSession()
ruleEngine = RuleEngine.ruleEngine();
for (RuleDefinition ruleDefinition : ruleEngine.getRuleDefinitions()) {groupId = ruleDefinition.getThen().getThenEnumArg0().split(" :::: ")[1]; try {group = GroupFinder.findByUuid(grouperSession, groupId);} catch (e) {print(e);};}

But I did not succeed to find the proper method to remove a Rule...

Le 14/01/2020 à 18:19, Hyzer, Chris a écrit :

Go to the lite ui and “view or assign attributes” and query rule attributes on folders and groups.  You can remove or edit from there.  Ok?

 

 

From: <> On Behalf Of Olivier Salaün
Sent: Tuesday, January 14, 2020 9:40 AM
To:
Subject: [grouper-users] How to remove inconsistent Grouper rules

 

Hello,

We are running Grouper 2.2.2.

We have a couple of stems where we can no more create child groups. The addGroup operation fails with this error:

Subject not found by id: 7fb0e77383324299941d5685d9e9820c, Problem in HibernateSession: HibernateSession (6523f4b8): notNew, notReadonly, READ_WRITE_NEW, activeTransaction, session (6e031511), Problem in HibernateSession: HibernateSession (12be9d42): new, notReadonly, READ_WRITE_NEW, notActiveTransaction, session (6e031511), Problem saving group: ur1:ress:data:ufr:931:31SA:test, thread: 9ed78e5

The same error occurs from both the web GUI and from GSH.

Setting GSH in debug, we found out that the error is caused by rules on that stem that refer to a group that no more exists :

2020-01-14 09:26:17,853: edu.internet2.middleware.grouper.rules.RuleEngine [main] DEBUG RuleEngine.fireRule(482) -  - Rules engine processing rulesBean: group: ur1:ress:data:ufr:922:22BC:testolivier, , found 4 matching rule definitions, ruleDefinition should fire: attributeAssignTypeId: 99fd9d3867d649458767f0fd73941f38, actAsSourceId: g:isa, actAsSubjectId: GrouperSystem, checkStemScope: SUB, checkType: groupCreate, thenEnum: assignGroupPrivilegeToGroupId, thenEnumArg0: g:gsa :::: e1ae892a90974323bc9d1f6d98d973fe, thenEnumArg1: admin, , enumResult: true, ruleDefinition should fire: attributeAssignTypeId: b8c5ca700d0d406bbbe41fdd7dda7fd9, actAsSourceId: g:isa, actAsSubjectId: GrouperSystem, checkStemScope: SUB, checkType: groupCreate, thenEnum: assignGroupPrivilegeToGroupId, thenEnumArg0: g:gsa :::: 25eda98d40e64718823b87cf987e5af5, thenEnumArg1: update, read, view, , EXCEPTION: edu.internet2.middleware.subject.SubjectNotFoundException: Subject not found by id: 25eda98d40e64718823b87cf987e5af5

Querying the Grouper database shows 28 such inconsistent rules :

select * from grouper_rules_v where rule_then_enum_arg0 not in (select 'g:gsa :::: ' || id from grouper_groups);

We don't know how we got in this situation, but we need to get rid of these rules to solve the problem.

What is the best way to remove these rules? What GSH commands could help?

Thanks

--
Olivier Salaün
DSI / pôle SI / équipe SNUM
Tel : 02 23 23 74 54
        
      
-- 
Olivier Salaün
DSI / pôle SI / équipe SNUM
Tel : 02 23 23 74 54
    
-- 
Olivier Salaün
DSI / pôle SI / équipe SNUM
Tel : 02 23 23 74 54