[GRP-5390] mechanism to display differences between file provided properties and db provided properties Created: 25/Mar/24 Updated: 27/Mar/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Liam Hoekenga (umich.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 1 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
We handle most of our configuration via properties files on the file system. Actions in the UI can (and do) duplicate those properties in the database. It would be helpful if the UI (or a gsh function?) could display all of the properties, identify where they come from, and more importantly, when there are conflicts between the versions on the filesystem and those in the GROUPER_CONFIG table |
Comments |
Comment by Liam Hoekenga (umich.edu) [ 27/Mar/24 ] |
Maybe a configuration report or something? |
[GRP-5392] remove uesrSearchFilter from ldap provisioner config Created: 27/Mar/24 Updated: 27/Mar/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | 5.9.1, 4.12.1 |
Type: | New Feature | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Vivek Sachdeva (google.com) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-5391] Foreign key constraint missing from Oracle upgrade DDL Created: 25/Mar/24 Updated: 26/Mar/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Bruce Timberlake | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
https://github.com/Internet2/grouper/blob/GROUPER_5_BRANCH/grouper/conf/ddl/GrouperDdl_Grouper_45_upgradeTo_46_oracle.sql is missing this command:
ALTER TABLE grouper_sql_cache_group ADD CONSTRAINT grouper_sql_cache_group1_fk FOREIGN KEY (field_internal_id) REFERENCES grouper_fields(internal_id);
which is present at line 2262 in https://github.com/Internet2/grouper/blob/GROUPER_5_BRANCH/grouper/conf/ddl/GrouperDdl_Grouper_install_oracle.sql
We noticed this when upgrading from 4.8.2 to 5.8.2 and running "./gsh.sh -registry -check -deep" as part of our post upgrade testing and validation. |
Comments |
Comment by Gail Lift [ 26/Mar/24 ] |
This might be a problem with the checking process – the DDL looks fine, and constraints are present in our DB. |
[GRP-5389] jwt puts member_id in wrong column Created: 25/Mar/24 Updated: 25/Mar/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Jonathan Zhao |
[GRP-5388] show grouper database under external systems Created: 23/Mar/24 Updated: 23/Mar/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 23/Mar/24 ] |
not editable |
[GRP-5387] assignCheckSecurity in MembershipFinder doesnt work Created: 23/Mar/24 Updated: 23/Mar/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-5384] provisioningEntityWrapper.isInGroup() generic jexl error Created: 20/Mar/24 Updated: 20/Mar/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | provisioning |
Affects Version/s: | 4.11.1 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
This error can be reproduced when the group referenced does not exist. In this case, however, the group name is correct.
|
[GRP-5383] take out option to not auto create built in objects Created: 19/Mar/24 Updated: 19/Mar/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
tomee;catalina.out;DEV;Release-220110;2024-03-19T13:24:36,694: [localhost-startStop-1] INFO DirectJDKLog.log(173) - [] - Deploying deployment descriptor [/opt/tomcat/conf/Catalina/localhost/grouper.xml] |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 19/Mar/24 ] |
configuration.autocreate |
[GRP-5338] creating log pipes twice can fail Created: 03/Mar/24 Updated: 19/Mar/24 |
|
Status: | Reopened |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | 5.8.2, 4.11.1 |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Chad Redman |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 19/Mar/24 ] |
had to revert this since the fix caused other issues, will fix again |
[GRP-5381] WebService Account with stem create privilege cannot create stem at child level Created: 19/Mar/24 Updated: 19/Mar/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Blocker |
Reporter: | Alpha Sanneh | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-5380] Upgrade jquery version Created: 19/Mar/24 Updated: 19/Mar/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
jQuery 1.10.2 has known vulnerabilities |
[GRP-5378] look at status_grouper to see if works in v5 Created: 15/Mar/24 Updated: 15/Mar/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-5377] add diagnostics to data provider Created: 15/Mar/24 Updated: 15/Mar/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-5376] add diagnostics query to data provider query Created: 15/Mar/24 Updated: 15/Mar/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-5374] add expiration dates to membership export Created: 15/Mar/24 Updated: 15/Mar/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-5373] if a data field row config id is the same as a data field config id then a corruption occurs Created: 15/Mar/24 Updated: 15/Mar/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-5370] sql cache group error Created: 15/Mar/24 Updated: 15/Mar/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
|
[GRP-5368] run load job should not show for scripted group Created: 14/Mar/24 Updated: 14/Mar/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-5367] add status page with ddl checks Created: 14/Mar/24 Updated: 14/Mar/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-5366] moving groups should change jexl script for loaded groups Created: 14/Mar/24 Updated: 14/Mar/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-5345] allow gsh v2 templates to be used for abac patterns Created: 05/Mar/24 Updated: 13/Mar/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-5364] allow read-only users to have full access to grouper Created: 12/Mar/24 Updated: 12/Mar/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 4.11.2, 5.8.6 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Michael Gettes (ufl.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Michael Gettes 2 hours ago is there an ability to create a “read-only” version of the grouper sysadmins? I add someone to sysadminReadersGroup and sysadminViewersGroup and they can’t view daemons or other config stuff that the sysadmins can see. Chris Hyzer 2 hours ago thats the intent of those, but we need to make adjustments. if you want to make a jira and we all agree we can start allowing more part of grouper to be seen by those folks...so for instance daemons, maybe sysadminViewers can see them but not change them? We recently changed things so that our normal NetID accounts aren't in the sysadmingroup anymore (instead they are in the sysadminReadersGroup) and we have separate privileged credentials that are in the sysadmingroup now. Anyways, by doing that, I've noticed this issue as well and would also love to see it resolved |
[GRP-5363] add attribute options for findGroups in grouper client Created: 12/Mar/24 Updated: 12/Mar/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
[mchyzer@flash pennGroupsClient-2.6.0]$ java -jar grouperClient.jar --operation=findGroupsWs --groupAttributeName=test:testGroupAttrValue --groupAttributeValue=someVal --debug=true |
[GRP-5362] make the app template key and friendly name consistent with groups Created: 12/Mar/24 Updated: 12/Mar/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-5361] NPE trying to view "Unresolvable subjects" in the UI. Created: 11/Mar/24 Updated: 11/Mar/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | 4.10.3 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Carey Black | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
grouper-ui;grouper_error.log;dev;nothing;2024-03-11T14:52:27,187: [ajp-nio-0.0.0.0-8009-exec-7] ERROR GrouperUiRestServlet.doGet(372) - [] - Problem calling reflection from URL: edu.internet2.middleware.grouper.grouperUi.serviceLogic.UiV2SubjectResolution.viewUnresolvedSubjects |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 11/Mar/24 ] |
for grouper_members.subject_resolution_deleted (and eligible and resolvable), do those have default values in your database and do any rows have null values? seems like an upgrade tasks didnt work correctly or rolled back after upgrading and then forward? anyways, if you fix that data issue should be good |
[GRP-5354] give a friendly error when setting up composites wrong Created: 08/Mar/24 Updated: 08/Mar/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-5353] make new test method for google with select entities false and select groups false Created: 08/Mar/24 Updated: 08/Mar/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Vivek Sachdeva (google.com) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
call that twice, once for full and once for incremental (same test method) |
[GRP-5352] google mock service should fetch individual users by email address Created: 08/Mar/24 Updated: 08/Mar/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Vivek Sachdeva (google.com) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-5349] Google mock service can't fetch an individual group Created: 06/Mar/24 Updated: 08/Mar/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | provisioning |
Affects Version/s: | 4.11.0 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Vivek Sachdeva (google.com) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
When testing incremental provisioning against the Google mock service handler, creating a group results in the error "java.lang.RuntimeException: There are 2 groups found for name: test:testGroup3". The two groups are for other groups that had already been provisioned. The inability to fetch a single group means that incremental provisioning of a group cannot be accurately tested. The api call being made is: /groups?domain=example.edu&maxResults=200&fields=nextPageToken,groups(id,email,name,description)&query=name%3D%27test:testGroup3%27
This returns back two different groups, neither of which is the one group it specified:
The GoogleMockServiceHandler class getGroups() method does not look at any query parameters other than the limit and page. The getGroups() query is always "from GrouperGoogleGroup where email > :pageToken" and will always return every group. |
[GRP-5308] Provisioning entities not filtering objectClass when Select All Entities is false Created: 08/Feb/24 Updated: 05/Mar/24 |
|
Status: | In Progress |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | 4.10.3 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
LDAP entity provisioner, is provisioning an attribute that only exists for entities with a specific objectClass. Matching is on uid=subjectId. Debugging shows it's only querying on the uid, and does not use objectClass in the filter, nor does the provisioner exclude found entities later by that criteria.
Set up #1: Select all entities at once during full sync = false Attempt 1: Set objectClass attribute = exampleEduPerson Result: No effect; debug log shows ldap filter is the member set: `(|(uid=800000000)(uid=900))`
Attempt 2: Set Entity search filter: `(&(uid=${targetGroup.retrieveAttributeValue('uid')})(objectClass=exampleEduPerson))` Result: No effect. Does this mean the "Entity search filter" is never used for anything?
Set up #2: Select all entities at once during full sync = true Attempt 1: Search all filter blank (should default to uid=* and objectClass=...) Result: Yes, filter is "(&(uid=*)(objectclass=berkeleyEduPerson))"
Attempt 2: Set Entity search all filter = `objectClass=exampleEduPerson` Result: This works; filter is `objectClass=exampleEduPerson`
So the only way to filter users by objectClass is to opt to select all entities at once. There doesn't seem to be a way to filter the returned users when not selecting all entities. At minimum, the help text for the search filter and search all filter should note they are ineffective unless searching all users at once. |
[GRP-5334] Entity CRUD is customized but no options are configured (e.g. insertEntities) Created: 01/Mar/24 Updated: 01/Mar/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
this is for scim deactivate instead of delete. dont put this under crud. workaround is to select true of false for a crud option which matches the default. e.g. set insert entities to true explicitly instead of the default which is true |
[GRP-5330] Scheduled time for daemon job is wrong in UI display Created: 28/Feb/24 Updated: 28/Feb/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Major |
Reporter: | Jim Beard | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified | ||
Environment: |
Grouper version: 4.7.2, UI |
Attachments: | bug-quartz-cron2.jpg bug-quartz-cron.jpg |
Description |
When I schedule jobs to run every Thursday, the daemon job UI says they will execute on Friday. The jobs have a quartz cron string of "0 0 10 ? * 5", the UI says they will execute at 10am on Friday. However they are executing on Thursday. This was observed when I had them scheduled for "0 0 10 ? * 4" expecting them to execute on Thursday (thats when the UI said they would execute) but they executed on Wednesday instead. When I use https://www.freeformatter.com/cron-expression-generator-quartz.html to verify the quartz cron string, it says "0 0 10 ? * 5" will execute on Thursday, differing from the UI. The daemon engine seems to execute at the correct time, the UI just shows the incorrect time. |
[GRP-5327] show better provisioning group counts Created: 28/Feb/24 Updated: 28/Feb/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 1 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Carey Black |
Comments |
Comment by Carey Black [ 28/Feb/24 ] |
Version at time of request is v4.10.3 |
[GRP-5326] fix external auth build in v4 and v5 Created: 28/Feb/24 Updated: 28/Feb/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chad Redman |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
https://jenkins.testbed.tier.internet2.edu/job/internet2/job/grouper/job/4.10.4/4/console |
[GRP-5261] updates to scim email 2 not happening Created: 12/Jan/24 Updated: 27/Feb/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | 4.11.0, 5.8.0 |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-5320] if delete groups in provisioning is true (not default), and an option selected, then a validation occurs but shouldnt Created: 22/Feb/24 Updated: 22/Feb/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-5319] look at performance of readonly queries Created: 22/Feb/24 Updated: 22/Feb/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Evan Hughes Carey Black Carey Black Chris Hyzer Evan Hughes SUCCESS: Database DDL is correct! Note: Database version for Grouper: 44 (2.6.18) Evan Hughes Chris Hyzer Evan Hughes Chris Hyzer |
[GRP-5313] error going to daemon screen Created: 19/Feb/24 Updated: 19/Feb/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
From demo server just now Error: sql: select count from grouper_loader_log where job_name = ? and status in ('STARTED', 'RUNNING') and last_updated > ? union all select count from grouper_qz_fired_triggers gqft, grouper_qz_scheduler_state gqss where gqft.job_name = ? and gqft.instance_name = gqss.instance_name and gqss.last_checkin_time > ? union all select count from grouper_qz_fired_triggers gqft, grouper_qz_triggers gqt, grouper_qz_scheduler_state gqss where gqft.trigger_name = gqt.trigger_name and gqt.job_name = ? and gqft.instance_name = gqss.instance_name and gqss.last_checkin_time > ? , args: ArrayList size: 6: [0]: CHANGE_LOG_changeLogTempToChangeLog [1]: Mon Feb 19 19:56:48 UTC 2024 [2]: CHANGE_LOG_changeLogTempToChangeLog [3]: 1708372608298 [4]: CHANGE_LOG_changeLogTempToChangeLog [5]: 1708372608298 , Problem calling method daemonJobs on edu.internet2.middleware.grouper.grouperUi.serviceLogic.UiV2Admin |
[GRP-5311] ablity to clone an existing GSH template into a new GSH template. ( copy template A into new template B) Created: 17/Feb/24 Updated: 17/Feb/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API, UI, WS |
Affects Version/s: | 4.9.4 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Carey Black | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
The list of "Miscellaneous > GSH templates" actions buttons should have a "copy to new GSH template" option. It should open the '.../grouper/grouperUi/app/UiV2Main.index?operation=UiV2GshTemplateConfig.addGshTemplate' UI with all of the values from the template that the copy was started from. ( Except for the Config ID value The use would need to pick a new value for that. ) Maybe an intermediate UI page would be needed to get the user to supply the new Config ID? But I hope that would not be necessary. This would make it easier to "Clone" and "test a new idea, or change a few things" without needing to destroy/change the original template and all from the UI instead of exporting properties and such. I guess you might even make a GSH template to list existing GSH templates and prompt the user for the new Config ID and let a GSH template copy the properties from the existing template into a new template via the Grouper properties API? ( I guess that might be another way to achieve this goal. ) |
[GRP-5296] add ability for duo to return webauthncredentials and store in loaded table Created: 01/Feb/24 Updated: 12/Feb/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 12/Feb/24 ] |
and tokens. counts |
[GRP-5309] Privileges tab to have priv items in More tab Created: 12/Feb/24 Updated: 12/Feb/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 4.10.3 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Michael Gettes (ufl.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
From slack: https://internet2.slack.com/archives/C7V0UQDJ4/p1707755500572869 The privileges tab and the “More” tab to the right of Privileges are mostly all about Privileges. Could/Should the Privileges tab also display the privileges related items from the More tab? I have received questions multiple times from people who didn’t know about applying inherited privs simply because it was hidden in the More tab and not within Privileges. I am NOT suggesting to move the items as this might break local documentation already written. I am only suggesting to copy the priv related items into the Privileges tab page to increase the likelihood of a user finding what they need on their own. Thanks for considering this request. |
[GRP-5307] Provisioner case sensitive compare wants to change value only differing in case Created: 08/Feb/24 Updated: 08/Feb/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | provisioning |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
A groupOfNames provisioner, values for ldap_dn and cn are set for case sensitive compare=false. Testing an initial provisioning run for a Grouper group "case_sensitive2", which should be matching an existing LDAP group "CASE_SENSITIVE2". The matching succeeds, but it still wants to update the CN to match the Grouper case. It also wants to update the DN, but this has no effect in LDAP. Note: The existing LDAP group had no members, so adding the membership also shows up under the ldap mods.
|
[GRP-5306] Provisioners should log DNE errors as SUBJECT_ERROR with unresolvable count Created: 07/Feb/24 Updated: 07/Feb/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | provisioning |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
If a provisioner has any DNE errors at all, it logs the job as an error. It does not show any number for unresolvable count. You don't know what the issue is without looking at the provisioner View Errors, or in the job message, which doesn't show any error other than the DNE that the user has to assume is the cause of the error. Jobs should distinguish between stacktrace level errors, versus a successful run that just had some subject problems. |
[GRP-5047] DB Connection error at startup not stating actual cause Created: 13/Oct/23 Updated: 06/Feb/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | 4.6.0 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Since 4.6.0 (possibly related to changes from Comparison of log messages: 4.5.5
4.6.0 - 4.7.2
|
Comments |
Comment by Chad Redman [ 06/Feb/24 ] |
Bumping this up. There are no diagnostics at all if there is a database connection issue at startup, and it makes it very hard to debug, |
[GRP-5301] Messaging Provisioner add messaging type AWS SQS FIFO Created: 02/Feb/24 Updated: 02/Feb/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | provisioning |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
AWS SQS and SQS FIFO are slightly different. |
[GRP-5300] make a ui method to attest groups easily in gsh Created: 02/Feb/24 Updated: 02/Feb/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-5299] add membership requirements and rules to the trace membership Created: 02/Feb/24 Updated: 02/Feb/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Shilen Patel (duke.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-5298] Minor typo on the GSH Template configuration page Created: 01/Feb/24 Updated: 02/Feb/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Jim Beard | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified | ||
Environment: |
Version 4.7.2 |
Description |
Found a very minor typo on the GSH Template configuration page. For the element "Externalized text?", the description reads "Selec 'True' if you would like to use externalized text for template name, description, and input labels & descriptions. Default value is 'false'." "Selec" should be "Select". I tried searching Jira tasks to see if this had already been reported or cleaned up, but didn't see it anywhere. |
Comments |
Comment by Jim Beard [ 02/Feb/24 ] |
If you want to you can assign this to me and I'll use it to get my feet wet committing into Grouper. I see there is some development grouper info here: https://spaces.at.internet2.edu/display/GrIntDev/Grouper+Internal+Development+Home with some branch / git steps here: https://spaces.at.internet2.edu/display/GrIntDev/SCM+Branches But that page does look a little dated. |
[GRP-5297] duo commands class should have helper method for raw json Created: 01/Feb/24 Updated: 01/Feb/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-5295] scheduler check daemon is null Created: 01/Feb/24 Updated: 01/Feb/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Skipping handleBlockedAndAcquiredStates. Skipping handleErrorState. Skipping handleMissingTriggers. java.lang.NullPointerException: Cannot invoke "java.sql.Timestamp.before(java.sql.Timestamp)" because "startedTime" is null |
[GRP-5294] Typo: "Problem with ldap conection" Created: 30/Jan/24 Updated: 30/Jan/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-5293] Provide a view to the container logs via the UI Created: 30/Jan/24 Updated: 30/Jan/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Jim Beard | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Sometimes the people working in the UI don't have immediate access to the container where logs are being stored / held, or access is not convenient. It would be nice if there was a way to access INFO and DEBUG, etc. log statements from the UI. |
[GRP-5284] when extension is invalid put the character that is in valid in the error message to narrow down the troubleshooting Created: 26/Jan/24 Updated: 26/Jan/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 26/Jan/24 ] |
"The folder ID can only contain letters, numbers, underscore, or dash" |
[GRP-5283] auto created loader group descriptions should auto-update too Created: 25/Jan/24 Updated: 25/Jan/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-5282] in the container dont sed to port -1 Created: 24/Jan/24 Updated: 24/Jan/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-5279] Browse Folders "sync" button should expand the folder that is finally selected Created: 23/Jan/24 Updated: 23/Jan/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 4.9.3 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Carey Black | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified | ||
Environment: |
4.9.3 |
Attachments: | image-2024-01-22-22-24-11-169.png image-2024-01-22-22-24-32-694.png image-2024-01-22-22-25-26-874.png |
Description |
When clicking the "sync button" in the "Browse folder" UI element. The folder that is currently selected in the "work area" should be "opened/expanded" in the Browse Folder display instead of being "closed/collapsed".
incorrect ( current behavior ) |
[GRP-5278] deprovisioning screen lists memberships that are not active Created: 22/Jan/24 Updated: 22/Jan/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-5277] GSH template V2 test not handling GrouperUtil.gshReturn (non-zero?) Created: 22/Jan/24 Updated: 22/Jan/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | 4.10.1 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Set up a gsh template test, setting input values and executing the template. If something is wrong, the v1 template would call GrouperUtil.gshReturn() with a non-zero exit code. The V2 test throws a stacktrace, but doesn't output or log anything to tell what happened. May capture exceptions, and show the output lines as far as it got?
|
[GRP-5276] Template V2 GshTemplateTestExec should know its own configId, shouldn't need to explicitly define it Created: 22/Jan/24 Updated: 22/Jan/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API, UI |
Affects Version/s: | 4.9.0 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
When a gsh V2 template is created, it should know its own configId. Tests in the class should use it by default. You shouldn't need to tell the running template what configId kicked it off. And is manually set it and it runs a different template, is this a feature at all, or something you don't want?
|
[GRP-5274] Allow dashes in ConfigIds Created: 21/Jan/24 Updated: 21/Jan/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API, UI |
Affects Version/s: | 2.5.30, 2.6.0, 5.0.0, 4.0.0 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | image-2024-01-21-16-41-31-989.png |
Description |
When creating a provisioner, gsh template, daemon job, etc., the value for the configId is checked for syntax. It only allows /^[a-zA-Z0-9_]+$/, which is alphanumeric or underscore. Was there any technical reason why dashes are disallowed? They are perfectly legal in Java property keys. It's a confusion for users since they usually assume dashes are ok, until they try to save and get the error.
|
[GRP-5272] enabled/disabled daemon should audit as such, it says "loader" which is confusing Created: 19/Jan/24 Updated: 19/Jan/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-5271] When entitlement string changes in an LDAP usersWithEduPersonEntitlements provisioner configuration, the old entitlement values are not removed. Created: 18/Jan/24 Updated: 18/Jan/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Jim Beard | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified | ||
Environment: |
tested in grouper 4.5.5 |
Description |
I changed the string value that the provisioner is provisioning as an entitlement. I notice that after running the full sync on it, both the old and new entitlement values are now placed on the user accounts in LDAP. The old values are not removed. Here is the configuration for the provisioner this was observed in: provisioner.eduPersonEntitlement.addDisabledFullSyncDaemon = true Another organization that I was working with ran into a similar issue with a provisioner they were working on as well. |
[GRP-5270] Add Loader unresolved subject errors to the UI, similar to DNE errors for provisioners Created: 18/Jan/24 Updated: 18/Jan/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Jim Beard | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Provisioner DNE errors can be viewed via the UI. Loader subject unresolved errors are not available through the UI and have to be found in the logs. It would be helpful to be able to view them in the UI to determine what data elements are not being identified correctly. |
[GRP-5269] if not selecting readers from app template, fails with "need to select parent actions for child actions" Created: 18/Jan/24 Updated: 18/Jan/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-5267] Analyzing scripted loader when data fields are from import, ""grouperDataRowWrapper" is null" Created: 16/Jan/24 Updated: 16/Jan/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | 5.7.0 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Trying to create a scripted group, in which the data fields have been imported rather than created manually. Clicking analyze gives a flash message:
Java stack trace
|
[GRP-5266] Scripted group editor has link to Data field dictionary; opens in same window so loses editing Created: 16/Jan/24 Updated: 16/Jan/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-5265] Data field dictionary needs examples for all types, not just entity.hasAttribute Created: 16/Jan/24 Updated: 16/Jan/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 5.7.0 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Data fields assigned to entities: "Use this in an ABAC scripted group, e.g. ${entity.hasAttribute('aliasName')}" (this is ok)
Data row: hr_positions: no documentation; need to guess the syntax or look at the crashplan demo on the wiki
Global data fields: "Use this in an ABAC scripted group" (no syntax represented)
Data fields assigned to groups: "Use this in an ABAC scripted group" (no syntax represented)
|
[GRP-5264] No UI hints how to get data from a data field provider Created: 16/Jan/24 Updated: 16/Jan/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 5.7.0 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
After looking through source code, it seems a full sync and incremental sync needs to be manually created? |
[GRP-5263] Can't run scripted group job from loader config, "Cant find grouper loader type of group: <groupName>" Created: 16/Jan/24 Updated: 16/Jan/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | daemon, UI |
Affects Version/s: | 5.7.0 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Result: flash text:
|
[GRP-5262] Add data provider query, subject source id should be drop down Created: 16/Jan/24 Updated: 16/Jan/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 5.7.0 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | screenshot-1.png |
Description |
|
[GRP-5250] Grouper startup checking external dbs should skip disabled ones Created: 08/Jan/24 Updated: 09/Jan/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
GrouperCheckConfig.checkGrouperLoaderConfigDbs() This loops through all the loader configs for databases, and tries to connect. If you want to put something on hold by setting it to disabled, it still tries to connect at startup and log a stacktrace. |
[GRP-5246] Tomcat rewrite valve should be opt-in or have a way to opt out Created: 05/Jan/24 Updated: 05/Jan/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | container |
Affects Version/s: | 5.7.0, 4.10.2 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Startup function setupFilesTomcat_rewriteValve() sets tomcat to redirect / to /grouper. If you are running a UI, there is no direct way to circumvent it. Maybe a blank rewrite.config file will block it from trying to create one? It may be better to make it somewhat intentional if you want that behavior. |
[GRP-5242] gsh templates v2 should support gshReturn Created: 03/Jan/24 Updated: 03/Jan/24 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 03/Jan/24 ] |
just return and not gshReturn() |
[GRP-5222] Non-root error for provisioning edit from provisioner row action (editProvisioningOnGroup2) Created: 30/Dec/23 Updated: 30/Dec/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 4.5.0, 5.3.0 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
When an ACL group (provisioner.{configId}.groupAllowedToAssign) is configured for a provisioner, and non-root users are put into it, they can edit the provisioning from the Provisioning actions menu. But if there is a provisioner listed, the Actions > Edit provisioning menu item returns an error: "Error: Cannot access provisioning., Problem calling method editProvisioningOnGroup2 on edu.internet2.middleware.grouper.grouperUi.serviceLogic.UiV2Provisioning".
|
[GRP-5173] update descriptions with examples of ldap resolver in provisioner Created: 04/Dec/23 Updated: 27/Dec/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-5219] Need jexl script test for provisioningEntityWrapper.isInGroup('...') Created: 27/Dec/23 Updated: 27/Dec/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | provisioning, UI |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
When testing out whether as script using ${provisioningEntityWrapper.isInGroup('xxx')} works, it needs an instance of GrouperProvisioningTranslator to create the cache map. I don't see a clear way to set this up using the script beans |
[GRP-5208] Paging config history with a filter clears the filter on next page Created: 21/Dec/23 Updated: 21/Dec/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
1) Go to Config history 2) Add a text filter that matches more than 50 values 3) Click next to go to the next 50 entries
Result: The filter is cleared. Confirmed by showing the total number of results on the second page, not the filtered number |
[GRP-5207] add option to send report as attachment of email Created: 20/Dec/23 Updated: 20/Dec/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-5206] add email addresses to report config Created: 20/Dec/23 Updated: 20/Dec/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-5205] email to local entities with display extension Created: 20/Dec/23 Updated: 20/Dec/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-5204] with entity link, if not in target, look up the user again Created: 20/Dec/23 Updated: 20/Dec/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
e.g. if deleted and re-added quickly dont use the same uuid on incremental |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 20/Dec/23 ] |
2023-12-15 09:37:00.862: Provisioner 'AZURE_AD' (vzhhf0yz) state 'end' type 'incrementalPr }} |
[GRP-5203] add status diagnostics daemon success threshold to daemon screen somewhere Created: 20/Dec/23 Updated: 20/Dec/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 20/Dec/23 ] |
add a link to instructions to change it |
[GRP-5201] After editing a daemon config, return to daemon details, not the All Daemons page Created: 18/Dec/23 Updated: 18/Dec/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
When editing and saving changes to a daemon config, the user goes back to the All Daemons page and needs to find the daemon in the list again to get back to it. |
[GRP-5200] UI wizard for rules Created: 18/Dec/23 Updated: 18/Dec/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Managing rules via creating attribute assignments is tedious. There should be an easier way of setting them up. |
[GRP-5191] add a misc report list page Created: 14/Dec/23 Updated: 14/Dec/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-5190] LDAP_GROUPS_FROM_ATTRIBUTES should optionally treat a missing attribute as a certain value Created: 14/Dec/23 Updated: 14/Dec/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
The way the LDAP_GROUPS_FROM_ATTRIBUTES loader is written, it fetches the configured groupAttribute for a row, and loops all the attribute values to convert into a group name.But if the user does not have the attribute it doesn't process it at all. This means that users can't be put into a group of subjects missing the attribute. This could be enhanced by adding a new option for "Group attribute default value if null". The code could easy accomodate this by checking for an empty array of values, and create a 1-element array if so. |
[GRP-5135] Rewrite container installer as a script Created: 19/Nov/23 Updated: 13/Dec/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | container |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chad Redman |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
The java based installer still works, but there is a lot of complexity to it. It also can't handle snapshots, so the only way to test a container build is by tagging a release. The container installer can be made simpler by having a script in the docker/grouper project, which would be outside of the grouper project so it can be modified separately. |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 20/Nov/23 ] |
lets discuss |
[GRP-4370] Move banner and footer into jsp includes Created: 21/Sep/22 Updated: 13/Dec/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.2.0 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chad Redman |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
The banner in the Index jsp template currently allows only the customization of the logo. Installations may want to add more functionality, like the environment, Grouper version, special notices, etc. The footer also has hardcoded © {institutionName}; thus the only customization option is the institution name. They may not even want a copyright notice. If the institution wants more customization than that, the option is to fork the index.jsp page itself (there is a commonHead and commonBottom jsp, but these are for scripts and css). The risk is in technical debt of always watching for jsp changes to merge during upgrades, and of having a broken page if the change was not noticed. If the banner and footer were extracted and made into separate partials that were included during page build, it would be a smaller risk for the maintainer.
|
[GRP-5189] Attributes in group view/edit shows integer as floating point Created: 13/Dec/23 Updated: 13/Dec/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | image-2023-12-13-00-09-46-495.png image-2023-12-13-00-09-58-204.png image-2023-12-13-00-12-59-944.png |
Description |
edu/internet2/middleware/grouper/attr/value/AttributeAssignValueDelegate.java:1638
Probably should be Long, not Double |
[GRP-5181] Add jexl to report subject and body; include variables passed from gsh script Created: 08/Dec/23 Updated: 08/Dec/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API, reporting |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
When getting an email for a report, it would be improved by including more information to it, so the recipient can decide the urgency of viewing the report.For example, including the count of non-compliant members, so staff can see it directly in the email. It can also be improved by using real jexl variables, and not the $$ syntax which is more limited in expressiveness.
|
[GRP-5177] attestationDaysBeforeToRemind is not a default metadata attribute for attestation Created: 06/Dec/23 Updated: 06/Dec/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Jeffrey Williams (uncg.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified | ||
Environment: |
Grouper 4.x |
Description |
When attestation is configured for a folder/group, the attestation attribute is assigned with a set of metadata attributes included based on user input. AttestationDaysBeforeToRemind is not included, nor is it readily apparent that it is set. Possible Steps to remediate: -Add "Days before reminders" row to Group Attestation - View attestation settings to display attestationDaysBeforeToRemind. -Update "Attention: this group's memberships need to be attested soon." to include the number of days before attestation is required". |
[GRP-5174] make membershipsave easier (e.g. subjectid) Created: 05/Dec/23 Updated: 05/Dec/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-5172] Please update built in help to remove deprecated features/language Created: 04/Dec/23 Updated: 04/Dec/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Carey Black | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Custom group types has a link to https://spaces.internet2.edu/x/QIbd which describes the feature as deprecated "As of Grouper 2.2". I think it is safe to remove it from the UI help text now. Also I think the term "Entity" has generally been replaced by 'Subject' at this point too. |
[GRP-5171] membership disabled dates should show up on screen similar to how you enter in a disabled date Created: 03/Dec/23 Updated: 03/Dec/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
see if we can make things consistent throughout the UI. Note, the timezone is displayed on membership screen, and if that is entered in the disabled screen maybe it can still work as is... |
[GRP-5169] LDAP to SQL translation label reads "loaderLdapElUtils can be used, and ldapLookup" which is not correct Created: 30/Nov/23 Updated: 30/Nov/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | daemon |
Affects Version/s: | 2.5.42 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
In a LdapToSqlSyncDaemon setup, the description for a translation field reads:
But I don't see anywhere in the source code for the class where loaderLdapElUtils and ldapLookup are added to the EL variable map. If I debug, I only see ldapAttribute__XXX variables. Also, the text about "Mutually exclusive with 'LDAP attribute name'" is confusing. The LDAP attribute name field doesn't show up when doing a translation, so it's not something users need to worry about. It does work with the full path to the LoaderLdapElUtils class, since it's a static method. So this works:
When changing the description text, it may also be useful to note that the virtual attribute EntryDn should be available as an attribute name, and ldapAttribute__EntryDn for a translation. This is due to the Dn handler added by default to the LDAP settings. |
[GRP-5168] when on a report screen, cannot click on members tab Created: 29/Nov/23 Updated: 29/Nov/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Vivek Sachdeva (google.com) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | image-2023-11-29-02-39-28-565.png |
Description |
|
[GRP-5136] Remove forked classes in ext and extMore Created: 19/Nov/23 Updated: 28/Nov/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API, grouperClient |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Files in an "ext" source directory in grouperClient and grouper-installer are forked classes from external dependency source code, with packages renamed. Was the goal to not have external jars so that a standalone jar could be executable? There are ways in Maven to unpack and repackage required classes from dependencies into a single jar (shade plugin), so this fork method is no longer necessary. It's also a security risk, as the classes are frozen in time from the time they are forked, and are not easily upgraded. They are also not as visible to security scanners, since they are not in their own published jars. There is also an ext directory in the Grouper api for Apache ddlutils classes. It's possible that was a workaround to fix functionality. |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 20/Nov/23 ] |
lets discuss this... |
Comment by Chad Redman [ 28/Nov/23 ] |
v5 branch feature/grp-5136-shade-jars for review |
[GRP-5159] add clone access screen to grouper ui Created: 27/Nov/23 Updated: 27/Nov/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Andrew Costa 5 replies Chris Hyzer Chris Hyzer Andrew Costa |
[GRP-3516] ldaptive v2 patch Created: 09/Jul/21 Updated: 26/Nov/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | 5.6.0 |
Type: | Task | Priority: | Minor |
Reporter: | Daniel Fisher (vt.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
CC: |
Chad Redman (unc.edu), Chris Hyzer (upenn.edu), Shilen Patel (duke.edu)
|
Description |
Hello devs, I created a branch that contains the code changes needed to migrate ldaptive from v1 to v2. I'm not sure what your plans are in terms of Java 8/11 and Grouper 2.5/2.6, but I thought it would be useful for someone to review those changes. If nothing else it should help from a planning perspective. https://github.com/dfish3r/grouper/tree/ldaptive-v2 These changes do build successfully but I wasn't able to run the docker based tests on my system. I'd be happy to work through errors if someone is willing to post the output.
|
Comments |
Comment by Chris Hyzer (upenn.edu) [ 12/Jul/21 ] |
Daniel Fisher (vt.edu) Thanks! Do we need Java 11 for ldaptive v2? We generally save major library upgrades for major Grouper upgrades, but I appreciate all the legwork here! |
Comment by Daniel Fisher (vt.edu) [ 13/Jul/21 ] |
Good question. I don't publish an official JDK8 jar, but a JDK8 version can be built and published to your own repository. It was meant to provide a path for those needing to test before they could get onto JDK11.
|
Comment by Daniel Fisher (vt.edu) [ 13/Oct/23 ] |
This issue should be closed in favor of: https://todos.internet2.edu/browse/GRP-5048
|
[GRP-5147] Create api methods to create standard application and policy from template Created: 22/Nov/23 Updated: 22/Nov/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Setting up a standard application and policy using the built-in template requires the UI jar, and only works by simulating the checkboxes from the setup. The code below shows how to hack it to work. It's a lot of code. There should be a way to do this from a builder method, and not resorting to UI classes.
|
[GRP-5146] App template friendly name triggered by typing, not autocomplete Created: 22/Nov/23 Updated: 22/Nov/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | image-2023-11-22-15-10-53-281.png |
Description |
In the application template, if you start typing in the Key field, the friendly name follows the typing. If there is a history of previous templates, and you chooose one to autocomplete, the friendly name doesn't get updated. |
[GRP-5088] Provisioner External entity attributes not working for incrementals Created: 26/Oct/23 Updated: 22/Nov/23 |
|
Status: | Reopened |
Project: | Grouper |
Component/s: | provisioning |
Affects Version/s: | 4.7.1 |
Fix Version/s: | 5.5.0, 4.8.0 |
Type: | Bug | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | grouper-loader (62).properties |
Description |
The setup for this is:
Result:
|
Comments |
Comment by Chad Redman [ 13/Nov/23 ] |
Resolved. The actual issue was matching the group by its ldap_dn, when this is a target field. It's not known why this doesn't behave correctly since it's in the cache. The workaround is to calculate the ldap_dn with jexl.
|
Comment by Chris Hyzer (upenn.edu) [ 22/Nov/23 ] |
if the dn is the match id, then people who are deleted get added back |
Comment by Chad Redman [ 22/Nov/23 ] |
Will try to reproduce minimal test case. What I've seen - if the group match is ldap_dn instead of cn, I get the inconsistent behavior with incrementals. Add a user, add another user, delete the users, add a third user ==> all 3 users are in LDAP. |
[GRP-5134] Reorganize source directories to be more standard Created: 18/Nov/23 Updated: 18/Nov/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | container |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chad Redman |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
grouper
grouperClient
grouper-ui
grouper-ws/grouper-ws
grouper-ws/grouper-ws-java-generated-client
grouper-ws/grouper-ws-java-manual-client
grouper-ws/grouper-ws-test
grouper-misc/grouper-installer
grouper-misc/grouper-pspng
grouper-misc/grouper-box
grouper-misc/grouper-duo
grouper-misc/googleapps-grouper-provisioner
grouper-misc/grouper-azure
grouper-misc/webapp/grouper-ui-webapp
|
[GRP-5131] dont allow config ids with private or pass or other things that autoencrypt... Created: 15/Nov/23 Updated: 15/Nov/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 15/Nov/23 ] | |||||
maybe look at suffix of property to see if it should be private, dont check entire key | |||||
Comment by Chris Hyzer (upenn.edu) [ 15/Nov/23 ] | |||||
|
[GRP-5127] grouperProvisioningGroup fields not available during delete, gives NPE Created: 15/Nov/23 Updated: 15/Nov/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | provisioning |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
The only fields available to jexl grouperProvisioningGroup during a delete are id, idIndex, and name. These are not available during a delete, and trying to using another field like displayExtension gives a cryptic error that grouperProvisioningGroup is inaccessible. Either more fields should be available, or the field description should be clarified. |
[GRP-5126] If a loader display name has the wrong number of colons, it uses the parent extension twice Created: 15/Nov/23 Updated: 15/Nov/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
If a group sql query has a:b:c:d as a group name and a:b:d as the display name, it will set the display name to be something like a:b:b:d. This works for one group (although it's very confusing in the UI), but fails on the second group because it has the same parent stem display name. The loader should just immediately fail if there is at least one colon and they don't match. |
[GRP-5120] add visibility easy metadata option for azure Created: 13/Nov/23 Updated: 13/Nov/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-5115] Report gsh scripts can't be >4000 characters Created: 10/Nov/23 Updated: 13/Nov/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 4.7.1 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Report type: GSH ERROR: value too long for type character varying(4000) UI Error:
|
[GRP-5118] allow provisionable for small groups Created: 10/Nov/23 Updated: 10/Nov/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Kevin Rooney Chris Hyzer Kevin Rooney |
[GRP-5117] simplified UI for GSH templates (Security and "return to full UI" feature request) Created: 10/Nov/23 Updated: 10/Nov/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | 4.8.0 |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Carey Black | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
I think the use of the of a GSH Template 'simplified UI' should be possible by users who are not generally allowed to use the UI. ( AKA: not in the 'Grouper UI access' group) Instead the GSH templates 'Security run type' config should fully control who can and can not use that GSH's 'simplified UI'. Also I think the GSH template should support a "return to the full UI" link on the 'simplified UI' for those users who can use the full UI. ( AKA: members of the 'Grouper UI access' group) WHEN the GSH template allows the link to be show in the simplified UI. ( a new config setting in the GSH template setup.) |
Comments |
Comment by Carey Black [ 10/Nov/23 ] |
Bonus points if the GSH template also could be optionally configured to "redirect the user to the full UI page that they were on before the GSH template was started". |
[GRP-4930] in visualization change the provisioning to the provisioning framework instead of pspng Created: 01/Sep/23 Updated: 09/Nov/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Comments |
Comment by Chad Redman [ 09/Nov/23 ] | ||
New installations are getting this because they never set up pspng:
|
[GRP-5112] md_grouper_allowProvisionableRegexOverride use causes errors when importing from gsh script Created: 09/Nov/23 Updated: 09/Nov/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | gsh |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Major |
Reporter: | Jeffrey Williams (uncg.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified | ||
Environment: |
4.8.0 |
Description |
Steps to recreate: Attempt to import from gsh and receive: groovysh_parse: 2: illegal string body character after dollar sign; |
[GRP-5111] fix newlines in email rules (plain text) Created: 09/Nov/23 Updated: 09/Nov/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Graham Ballantyne |
[GRP-5104] Provisioner retrieve AD objectSid and objectGuid as string instead of binary Created: 02/Nov/23 Updated: 09/Nov/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | provisioning |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
If you want to use an unchanging id for an AD group to detect renames, you could potentially use objectSid or objectGuid which are unique for each group in AD. However, these are binary values, and Grouper is unable to store them in the cache table. I don't see other good options, unless you use the group idIndex or uuid, but it needs the right kind of object to be able to store the value into a custom attribute.
|
Comments |
Comment by Bert Bee-Lindgren (gatech.edu) [ 03/Nov/23 ] | |||||||
Georgia Tech could populate Grouper's GroupId into a random ad.extensionAttributeNN attribute, but those are used by various groups around GT. Using objectSid or Guid would be much more elegant. | |||||||
Comment by Chris Hyzer (upenn.edu) [ 04/Nov/23 ] | |||||||
convert binary to base64? | |||||||
Comment by Bert Bee-Lindgren (gatech.edu) [ 04/Nov/23 ] | |||||||
>base64? That's a really good question! I was thinking that, too, but then I realized that it won't be directly usable in future searches in Base64, as objectSid=<base64> won't match anything.
Here are three choices:
| |||||||
Comment by Daniel Fisher (vt.edu) [ 09/Nov/23 ] | |||||||
Ldaptive can parse these attribute values into their string representations. These classes have static methods for conversion:
|
[GRP-5098] Provisioning: Entity Attribute and responsibility for a prefix Created: 27/Oct/23 Updated: 08/Nov/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | provisioning |
Affects Version/s: | 4.5.5 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Critical |
Reporter: | Bert Bee-Lindgren (gatech.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Our Grouper's Ldap-Entity-attribute provisioning share entitlement attributes with other systems. We are having pretty constant problems getting values removed and have tried to raise the level of Grouper responsibility to "Delete if value managed by Grouper." We had hoped that this would scrub extra values from users who were not in the groups provisioned by grouper. As you might imagine from this Jira, we continue to have problems with extra attributes remaining in our ldap. Chad Redman should be posting a Jira about this. This Jira is requesting that we be able to define an attribute-value prefix to define value 'ownership.' For example, we would define prod grouper being responsible for gt: and Test being responsible for test:gt:. This might simplify the code and fix our current problems, but it might also help when groups are deleted from grouper or, perhaps, unmarked for provisioning. ATM, we're going to have to manually scrub these attributes in an oob script. |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 08/Nov/23 ] |
In 4.7.2+ the other delete settings should work better. You can delete if grouper deleted, or if grouper manages that value. If we need the prefix thing we can add it but we should be ok with the current settings right? So many delete options |
[GRP-5110] loader list doesnt show disabled jobs correctly Created: 08/Nov/23 Updated: 08/Nov/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Jeffrey Crawford |
[GRP-5091] translate grouper memberships to target using id index as int(8) uses strings Created: 26/Oct/23 Updated: 26/Oct/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
23-10-25 23:45:31.242: Provisioner 'iam_unifieddb_group_memberships' (vygitnze) state 'translateGrouperMembershipsToTarget' type 'fullProvisionFull': {state=translateGrouperMembershipsToTarget}(vygitnze): Grouper target memberships (6): |
[GRP-5087] sql provisioning to only a membership table has issues with new provisionable groups, and maybe other things. do a full test Created: 25/Oct/23 Updated: 25/Oct/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 25/Oct/23 ] | ||||||||||||||||||||||||||||||||||||||||||||||||||||
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
Comment by Chris Hyzer (upenn.edu) [ 25/Oct/23 ] | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|
[GRP-5084] delete rows from grouper_members table where it is not used anywhere (e.g. pit or audits etc) Created: 25/Oct/23 Updated: 25/Oct/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-5083] Loader Failsafes: Information Improvements Created: 25/Oct/23 Updated: 25/Oct/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | grouperLoader |
Affects Version/s: | 4.5.5 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Bert Bee-Lindgren (gatech.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
We had a sql-list loader job trigger a failsafe and found a few ways that would help us handle it.
|
[GRP-5081] add a jexl script tester for ldap loader group name expression Created: 24/Oct/23 Updated: 24/Oct/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-5080] edit button on report daemons should go to report edit screen Created: 23/Oct/23 Updated: 23/Oct/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
|
[GRP-5079] when indexing rules see what queries can be done in batch (e.g. checkKeyForStem) Created: 23/Oct/23 Updated: 23/Oct/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-5076] Provisioning: Activity Improvements Created: 23/Oct/23 Updated: 23/Oct/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | provisioning |
Affects Version/s: | 4.5.5 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Major |
Reporter: | Bert Bee-Lindgren (gatech.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | image-2023-10-23-00-51-50-135.png image-2023-10-23-01-09-46-839.png |
Description |
There's such a wealth of information about what the Provisioner framework is doing, but I wanted to report that I'm not finding what I'm looking for when I'm troubleshooting or otherwise answering questions. This Jira is an attempt to describe some changes that would help, but we want to warn you that ideas will probably come to us iteratively. Some of what happens when we try to use existing transparency: We turn to the Activity Report for a provisioner pretty frequently, but we're often faced with all the information looking something like this:
What 'Activity' is this trying to tell us? It seems to be saying that the Provisioner didn't see the membership in the target system at 1:47, but that it did see it in the system a few hours later at 4:18. However, it seems to indicate that it didn't make any changes. To me this is reporting that the provisioner lost track of memberships in the target system at 1:47 and then rediscovered they were actually there at 4:18. This is odd for various reasons, but isn't what we're typically looking for. Note: This person's membership in this group hasn't changed for over a month, and many successful Full Sync provisioners have run before these 1:47 and 4:18 instances:
Note that the 1:17 did provision a lot of memberships, but they are not related to the activity line above. Also note that we can't use the existing UI to understand what those 16k changes were.
Suggestions:
Thank you |
[GRP-5075] Provisioning Logs: Counts seem to be expected changes Created: 23/Oct/23 Updated: 23/Oct/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | provisioning |
Affects Version/s: | 4.5.5 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Bert Bee-Lindgren (gatech.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | image-2023-10-23-00-24-40-000.png | ||||||||
Issue Links: |
|
Description |
We had an Active Directory Provisioning problem where an error-logging line threw an unexpected RuntimeException and, therefore, crashed out the provisioner's Full Sync. This Jira is not about this Exception nor the provisioner's resilience to logging exceptions; I don't think it's worth the trouble to catch problems with logging. Instead, this Jira is about how the Daemon Log was confusing while the provisioner had this problem.... Every FullSync's daemon log for weeks showed thousands of changes into and out of our Active Directory. The top half of this screen shot is after the logging problem was fixed >10-18 05:17, and the bottom half shows the problem.
We believe that the 4000ish adds and 4000ish deletes were never actually happening, but were instead the expected changes based on comparing Grouper to the Target System. We were very confused and chasing ghosts for a good while. Additionally, the Activity Log didn't show any activity so we doubted it as well. This report is requesting that the counts be a tabulation of actual changes made and anticipated changes. Perhaps the expected counts could be log4j-logged, but the Changes Made numbers in the Daemon Log should be correct. |
Comments |
Comment by Bert Bee-Lindgren (gatech.edu) [ 23/Oct/23 ] |
|
[GRP-5070] Job log include elapsed time in something besides millisecond Created: 20/Oct/23 Updated: 20/Oct/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | image-2023-10-20-13-07-55-396.png |
Description |
This request is just for convenience. Sometimes it's hard to tell how long something runs, especially when the numbers are large. It should be something friendly, like 2h 21m or 2d3h25m if it runs that long.
|
[GRP-5069] Remove "Attribute name for net ID" from subject source Created: 20/Oct/23 Updated: 20/Oct/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API, UI |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
This is a field that shows up in subject source configuration, but there is no explanation what a "net ID" is for. I had traced through the source code a while ago, and at that time it was only used in either the custom UI or a less common reporting setup. It would eliminate some confusion if it were just refactored to not use this custom net ID. It we do need some kind of preferred identifier, then maybe it just needs to be rebranded – renaming and adding a description. |
[GRP-5068] Throttling functionality for WS Created: 19/Oct/23 Updated: 19/Oct/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | WS |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Jeffrey Williams (uncg.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Services that sustain a high rate of API calls to the WS can cause it to run out of memory over time. Workarounds have been to conduct periodic restarts to reclaim the memory in a timely manner. If WS were feature a form of throttling, it can allow WS nodes to require less frequent restarts and indicate to services that they need to slow their roll.
|
[GRP-5067] put version of grouper not in config part since that is locked down Created: 19/Oct/23 Updated: 19/Oct/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-5066] stem view privilege table needs a primary key for mysql Created: 19/Oct/23 Updated: 19/Oct/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
|
[GRP-5064] folders should be able to read attributes without create Created: 18/Oct/23 Updated: 18/Oct/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-5063] readonly admins should be able to read everything in misc (e.g. daemons etc) Created: 18/Oct/23 Updated: 18/Oct/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-5062] allow various attestation email schedules Created: 16/Oct/23 Updated: 16/Oct/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
e.g. for some groups have it email every three days... |
[GRP-5059] full provisioning run should update all target cache buckets on retrieved objects Created: 14/Oct/23 Updated: 14/Oct/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Vivek Sachdeva (google.com) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-5058] incremental membership errors should recalc group/entity on retry (not recalc memberships) Created: 14/Oct/23 Updated: 14/Oct/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Vivek Sachdeva (google.com) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-5057] a DN change (which causes membership provisioning error) should retry next incremental run and not fail other actions Created: 14/Oct/23 Updated: 14/Oct/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-5056] add option to look up group and entities always (not recalc memberships) Created: 14/Oct/23 Updated: 14/Oct/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Vivek Sachdeva (google.com) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-5055] refreshEntityLinkIfLessThanAmount is not working Created: 14/Oct/23 Updated: 14/Oct/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Vivek Sachdeva (google.com) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 14/Oct/23 ] |
check group one too |
[GRP-5054] grouper loader diagnostics should work for large jobs... (partial?) Created: 14/Oct/23 Updated: 14/Oct/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 14/Oct/23 ] |
i think they are running but need a thread to refresh screen until its done... |
Comment by Chris Hyzer (upenn.edu) [ 14/Oct/23 ] |
Bert Bee-Lindgren |
[GRP-5053] add google start with metadata options which also adds attributes with translation Created: 14/Oct/23 Updated: 14/Oct/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Vivek Sachdeva (google.com) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | screenshot-1.png |
Description |
For example, prompt for all these things in start with (manageGroupsManageEntities or manageGroupsReadonlyEntities) |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 14/Oct/23 ] | ||
Comment by Chris Hyzer (upenn.edu) [ 14/Oct/23 ] | ||
If true, set that metadata show to true in the group configuration and also add an attribute for that setting with a translation like this
|
[GRP-5051] SCIM provisioner NPE on missing json values itemsPerPage and startIndex Created: 13/Oct/23 Updated: 13/Oct/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | 2.5.40, 2.6.0, 4.0.0 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
This is from a demo server with this request and response: http://scim:8080/scim/v2/Groups?startIndex=1&count=50
The offending line:
The problem isn't getting the integer, it's that the null value it gets can't be assigned to an int. Per the RFC both itemsPerPage and startIndex are only required when there is paging |
[GRP-5050] Logging error in container librarySetupFilesTomcat.sh Created: 13/Oct/23 Updated: 13/Oct/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | container |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Wil Cooley | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
In function `setupFilesTomcat_sslCertsClient`, most of the log message identify themselves as being called from `setupFilesTomcat_sslCertsAnchors`, e.g.,
Here's a small demonstration script:
Abstracting the logging this way would also make it easier to incorporate $ENV and $USERTOKEN and make the format consistent with the formats used everywhere else. |
[GRP-5049] add batch and bulk operations to duo Created: 13/Oct/23 Updated: 13/Oct/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
https://duo.com/docs/adminapi#create-multiple-users https://duo.com/docs/adminapi#bulk-user-operations |
[GRP-5042] local entities should be resolvable by uuid Created: 11/Oct/23 Updated: 11/Oct/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-5041] document the deprovisioning and adding user back veto Created: 11/Oct/23 Updated: 11/Oct/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
https://spaces.at.internet2.edu/display/Grouper/Grouper+deprovisioning |
[GRP-5030] Can't add entitySubjectIdentifier attribute to local entity Created: 06/Oct/23 Updated: 11/Oct/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API, UI |
Affects Version/s: | 4.7.0 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Vivek Sachdeva (google.com) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Trying to add attribute etc:attribute:entities:entitySubjectIdentifier to a local entity per documentation in https://spaces.at.internet2.edu/display/Grouper/Grouper+local+entities. Result is:
The attribute assignment is being treated as if it's being added to a subject, not an entity. If I edit the assignment to allow it to be set for members, I can add the attribute. But then I can't add a value to it due to another error:
|
Comments |
Comment by Chad Redman [ 06/Oct/23 ] |
Also can't view the assignments once assigned.
Stacktrace (very long, it's all from the same single page view)
|
[GRP-5040] add option to not have ability to delete built in attributes (defs and names) Created: 11/Oct/23 Updated: 11/Oct/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
like this
groups and folders |
[GRP-5036] make folder and group dropdown wider so long names show Created: 08/Oct/23 Updated: 08/Oct/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | screenshot-1.png |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 08/Oct/23 ] |
[GRP-5033] total count of sql sync incremental should be number of change log records Created: 07/Oct/23 Updated: 07/Oct/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
should also confirm it updates the inserts/updates/deletes |
[GRP-5032] OWASP_CSRFTOKEN header has underscore, not passed along by nginx Created: 07/Oct/23 Updated: 07/Oct/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Trying to debug a Grouper UI error going to any page besides the main page. Comparing the browser headers vs. the ones seen by the server, the OWASP_CSRFTOKEN header is missing. There is an nginx front end forwarding to Grouper, but possibly another hop too. Internet searches suggest that nginx by default doesn't pass headers containing an underscore. See https://stackoverflow.com/q/17920949 . The fix is likely to configure nignx to allow underscores:
but I haven't tested this yet. Longer-term, if it's possible to change this header name to replace or remove the underscore, it means Grouper would work out of the box with nginx without customization. The header string is both in the Owasp configuration, javascript, and Java code, so it may not be a trivial change that end users can do. |
[GRP-4563] Add switch for Apache to log x-forwarded clientip instead of load balancer Created: 12/Jan/23 Updated: 07/Oct/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | container |
Affects Version/s: | 2.6.19.1 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
When using a load balancer, you can set GROUPER_APACHE_REMOTE_IP_HEADER and GROUPER_APACHE_REMOTE_IP_INTERNAL_PROXY to get the underlying originating address to Apache and Shibboleth. The Apache configuration is using the default log format which is %h for the host. If this is switched to %a, it logs the original address it gets from the remoteIp header. It's working with a custom hook to modify the log format. But it would be good if everyone using LBs didn't need to add that.
|
Comments |
Comment by Chad Redman [ 07/Oct/23 ] |
This is now configured in /etc/httpd/conf.d/09_i2inc_logging.conf. This isn't part of the Grouper distribution, so it may be in the i2incommon/shibboleth_sp image. |
[GRP-5031] index for grouper_audit_entry last_updated Created: 06/Oct/23 Updated: 06/Oct/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Shilen Patel (duke.edu) | Assignee: | Shilen Patel (duke.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
In V4: Add to the postgres, oracle, and mysql new installation ddl Add an UpgradeTask that will add the index if it doesn't already exist. (Hopefully there's a clean way to see if indexes exist across the databases.)
Oracle: check user_indexes and then 'create index audit_entry_last_updated_idx on grouper_audit_entry(last_updated) online;'
Postgres: create index concurrently if not exists audit_entry_last_updated_idx on grouper_audit_entry(last_updated);
Mysql: |
[GRP-4982] daemon screen is slow Created: 20/Sep/23 Updated: 04/Oct/23 |
|
Status: | Reopened |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Vivek Sachdeva (google.com) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 04/Oct/23 ] |
initial pass at this sets page size to lower number |
[GRP-5025] hide side panel by default institution-wide and people can expand it Created: 04/Oct/23 Updated: 04/Oct/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4984] Provisioner error handling should allow threshold of DNE errors before job error Created: 20/Sep/23 Updated: 04/Oct/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | provisioning |
Affects Version/s: | 4.5.5 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Right now, there is a setting for a provisioner in error handling: "Object not exist is error" which corresponds to DNE errors. A small number of these is usually ok to ignore, but you may want large numbers of DNE's to trigger an error, since it may be a larger problem in the target data.
|
Comments |
Comment by Chris Hyzer (upenn.edu) [ 25/Sep/23 ] |
there is a new setting to help with this where you can ignore certain attributes if they are null which I would assume causes most of the DNE. Then you shouldnt have to ignore DNE errors? Or where do you see that there are a large number of DNEs?
|
Comment by Chris Hyzer (upenn.edu) [ 27/Sep/23 ] |
ie dont kick off another full due to errors |
Comment by Chris Hyzer (upenn.edu) [ 27/Sep/23 ] |
add another job status? (ok but has issues) |
[GRP-4958] Jobs exit while in starting state, nothing logged Created: 14/Sep/23 Updated: 04/Oct/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | provisioning |
Affects Version/s: | 4.5.5 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | image-2023-09-20-13-12-56-883.png |
Description |
This is an intermittent problem seen especially in provisioning jobs. The job stays in the starting state, nothing happens or is logged, yet a few minutes later the job runs again. Shouldn't the job runner be captured any errors, so that unless the container restarts, all jobs should have an eventual status before running again? |
Comments |
Comment by Chad Redman [ 15/Sep/23 ] | |
Once I saw a log message that just said it was in state initConsumerName. But mostly the log messages are blank | |
Comment by Chad Redman [ 20/Sep/23 ] | |
The latest time I am seeing this with v4.5.5: the log says state 'end':
| |
Comment by Chris Hyzer (upenn.edu) [ 04/Oct/23 ] | |
jvm is dying. OOM error? |
[GRP-4968] make sure case insensitive compare works in membership attributes (groupAttributes and entityAttributes), e.g. dn's Created: 15/Sep/23 Updated: 04/Oct/23 |
|
Status: | Reopened |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | 4.7.0 |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Vivek Sachdeva (google.com) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-5020] if there is an error in duo admin create entity it does not show command log Created: 02/Oct/23 Updated: 02/Oct/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-5019] tune up duo admin role start with Created: 02/Oct/23 Updated: 02/Oct/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-5018] in duo admin startwith we should support converting no special chars and display extension from starts with Created: 02/Oct/23 Updated: 02/Oct/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
e.g.. if the translated role is ApplicationManager, send Application Manager to duo. in the starts with for role mapping, displayExtension is not an option and should be |
[GRP-5016] Edit "Organization hierarchies via the grouper loader" page to be more applicable Created: 02/Oct/23 Updated: 02/Oct/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Documentation | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
https://spaces.at.internet2.edu/display/Grouper/Organization+hierarchies+via+the+grouper+loader
This page is currently Penn-centric, and a lot of the page is how to set up a PoC to match it. I was looking for a more general example of a rollup loader to send to a client, but this is the best page I could find. The screenshots are also from the Admin UI which no longer exists. |
[GRP-5011] add in abac virtual attributes where an attribute can be looked up to derive Created: 29/Sep/23 Updated: 29/Sep/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
e.g. if a student record identifies a division. and the division is in a school. then maybe we dont need an attribute for school and can have a row about the division that populates virtual attributes |
[GRP-5010] make grouper loader logs optional for logging DEBUG Created: 29/Sep/23 Updated: 29/Sep/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
<Logger name="edu.internet2.middleware.grouper.app.loader.GrouperLoaderLog" level="debug" additivity="false"> maybe check other logs too |
[GRP-5008] add subject resolvable and deleted status in provisioning member details Created: 29/Sep/23 Updated: 29/Sep/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-5006] add imports to GSH commands that need it Created: 28/Sep/23 Updated: 28/Sep/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
e.g. https://spaces.at.internet2.edu/pages/viewpage.action?pageId=188842249 |
[GRP-5003] add ability to save entire metadata json in provisionableSave GSH class Created: 27/Sep/23 Updated: 27/Sep/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-5002] midpoint provisioner starts with not working Created: 27/Sep/23 Updated: 27/Sep/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Michael Gettes |
[GRP-4556] LDAP provisioner error: "inaccessible or unknown property grouperProvisioningGroup" on group delete with DN jexl displayName Created: 09/Jan/23 Updated: 27/Sep/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | provisioning |
Affects Version/s: | 2.6.18.1, 4.1.6, 4.6.0 |
Fix Version/s: | None |
Type: | Bug | Priority: | Major |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Caused by: org.apache.commons.jexl2.JexlException$Property: edu.internet2.middleware.grouper.util.GrouperUtil.substituteExpressionLanguageScript@11387![124,160]: 'edu.internet2.middleware.grouper.util.GrouperUtil.ldapBushyDn(edu.internet2.middleware.grouper.util.GrouperUtil.stripPrefix(grouperProvisioningGroup.displayName, 'app:active_directory:groups:'), 'CN', 'OU', true, false) + ',OU=Groups,DC=example,DC=edu';' inaccessible or unknown property grouperProvisioningGroup
Seeing this at two different institutions. This is a periodic problem, and sometimes doesn't show up the first run. |
Comments |
Comment by Chad Redman [ 22/Aug/23 ] |
Still exists as of 4.1.6. |
Comment by Chad Redman [ 26/Sep/23 ] |
Tested again with 4.1.7; this is specifically a problem with deletes. I can reproduce this locally so I will debug some more |
Comment by Chad Redman [ 27/Sep/23 ] |
Found the issue, it's in GrouperProvisioningLogic.calculateProvisioningGroupsToDelete(). It's only setting grouperProvisioningGroup attributes for id, idIndex, and name. So if the DN is based on a jexl using displayName or something else, it is null and returns this error.
|
Comment by Chris Hyzer (upenn.edu) [ 27/Sep/23 ] |
anything not in point in time needs to be in a cache bucket |
Comment by Chris Hyzer (upenn.edu) [ 27/Sep/23 ] |
make sure extension is in the PIT group represenation |
Comment by Chris Hyzer (upenn.edu) [ 27/Sep/23 ] |
test if DN is translated (e.g. truncating path) and cached from target, if this will delete |
[GRP-5001] check quartz table for running quaartz processes, and if a job has a registered process that isnt listed, end it with error and description Created: 27/Sep/23 Updated: 27/Sep/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
make sure jobs running manually (e.g. outside of quartz) are not affected |
[GRP-4998] should be able to add entity attribute if not provisioning entities Created: 26/Sep/23 Updated: 26/Sep/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
see rsst_role test case, can add group attribute, but not entity |
[GRP-4997] in sql provisioner dont prompt for group table name if doing no crud on groups Created: 26/Sep/23 Updated: 26/Sep/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4993] Add a notes field for attestation Created: 25/Sep/23 Updated: 25/Sep/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API, UI |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
As requested by a customer. Have a notes field when attesting a group. Maybe clicking the button expands to show a text field? It may be enough just to have it in the audit log, and the would see the notes in the audit history. |
[GRP-4992] Option to default membership filter to Direct or Indirect for certain groups Created: 25/Sep/23 Updated: 25/Sep/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
As requested by a customer. For certain groups, they need to always filter to see the direct memberships, which is an extra step every time.
May something like this? grouperUi.membershipFilter.pattern.direct = ref:student:., app:.:security:.* |
[GRP-4991] Hide the Create group/Create folder button if the current user can't create any groups or folders Created: 25/Sep/23 Updated: 25/Sep/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
As requested by a customer. The button is confusing if the user isn't the manager of any groups or folders. |
[GRP-4990] Allow to add membership notes when adding a membership Created: 25/Sep/23 Updated: 25/Sep/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 4.6.0 |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 1 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Similar to adding a start/end date on a new membership, have fields for membership attributes that can be added. The configuration can be similar to the Group editor page where you can configure which attributes show up. |
[GRP-4985] usdu starts but stays in starting state until next run 24 hours later Created: 20/Sep/23 Updated: 25/Sep/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | 4.5.5 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 1 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | image-2023-09-20-14-07-26-170.png |
Description |
Nothing logged in the job.
|
Comments |
Comment by Chris Hyzer (upenn.edu) [ 25/Sep/23 ] |
i think the daemon is dying... Grouper needs to detect this and let the admins know that something is very wrong. in your case is USDU running when other big jobs are running? |
[GRP-4983] add show users button on membership screens Created: 20/Sep/23 Updated: 20/Sep/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
for performance purposes, do not show memberships by default. (option for user stored in user preferences?) (global default?) |
[GRP-4957] Incremental LDAP provisioner always runs the full sync even if no changelog entries Created: 14/Sep/23 Updated: 20/Sep/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | provisioning |
Affects Version/s: | 4.5.5 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Note that the full sync result is error status due to DNE errors. Could that be related? |
Comments |
Comment by Chad Redman [ 15/Sep/23 ] |
Some experimenting suggests that DNE errors count toward the membership threshold for converting to a full sync. The default is 10000, which means it would be a lot of DNEs before this gets to be an issue. However, in a non-production environment with inconsistent data refreshes, this could be realistic. But the DNE's will never be fixed, so the threshold will be always there, meaning the full sync will run every minute. Maybe there needs to be an advanced option for only actual changelog generated data to count toward the threshold, and not DNE errors from a full sync? |
Comment by Chris Hyzer (upenn.edu) [ 20/Sep/23 ] |
there is a new feature to just not provision (no error) if an attribute is null. would that solve this? |
Comment by Chad Redman [ 20/Sep/23 ] |
It's the entity resolution triggering the DNE. It would only be null as the result of the DNE, and already counted |
[GRP-4952] provision a user with a MAT error, then unprovision them. The framework keeps complaining Created: 13/Sep/23 Updated: 20/Sep/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Vivek Sachdeva (google.com) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
if a record has an error, but is not provisionable and not in target, then ignore it |
[GRP-4962] SQL provisioner membership requires the group column to be a standard core field Created: 14/Sep/23 Updated: 20/Sep/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | provisioning |
Affects Version/s: | 4.5.5 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Vivek Sachdeva (google.com) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
The group-related column when provisioning to a membership table needs to be one of the core (id, name, displayName, ...) fields. If it's a translation script, there is an error "Error: Cant find membership column to use for matching when it involves groups". The source code looks through all the provisioned columns, and only accepts if it can find one with a GrouperProvisioningGroup value. Note it's not about uniqueness, since it allows the value to be displayExtension, which is far from guaranteed unique. It's an easy workaround just to add another column that can store a core value (ideally the name, id, or idIndex). But it's not documented that it's required, and the error message is oddly written. |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 20/Sep/23 ] |
i think this shouldnt be a core field, it should be a group attribute right?
|
[GRP-4969] if adding value to a metadata attribute, it should show that attribute (in addition) to the underlying attribute Created: 15/Sep/23 Updated: 20/Sep/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Vivek Sachdeva (google.com) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | screenshot-1.png |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 15/Sep/23 ] |
Comment by Chris Hyzer (upenn.edu) [ 20/Sep/23 ] |
this shows "rule", but that is the underlying attribute. The attribute (is an attribute metadata on an attribute assignment), is really ruleThenEnum or whatever. the rule, and the ruleThenEnum should show on screen with sensible labels |
[GRP-4980] put default commented out gsh script when adding new template or daemon or changelog consumer Created: 20/Sep/23 Updated: 20/Sep/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4979] when saving abac script validate that groups exist, and make them cacheable if not Created: 20/Sep/23 Updated: 20/Sep/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4978] stem view privilege type issue? Created: 19/Sep/23 Updated: 19/Sep/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
groupRowsInserted: 0, groupInsertTookMs: 19, exception: java.lang.RuntimeException: Unexpected privilege type: attributeDef |
[GRP-4976] table sync should normalize data to BigDecimal for example (from long) Created: 18/Sep/23 Updated: 18/Sep/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
e.g. in the crashplan example |
[GRP-4961] Old reports should be deleted after a period of time Created: 14/Sep/23 Updated: 14/Sep/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | 4.5.5 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Is this a current feature? If you set reporting, it saves a row in the database and a blob for it. Is this going to just increase forever? There should be an option for how many reports to keep, or to expire them after a certain period of time. |
[GRP-4960] Need documentation on managing failsafes Created: 14/Sep/23 Updated: 14/Sep/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | 4.5.5 |
Fix Version/s: | None |
Type: | Documentation | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Currently can't find any documentation on managing provisioner failsafes in the UI. |
[GRP-4956] allow gsh template ws to specify result body json Created: 14/Sep/23 Updated: 14/Sep/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
right now it is json embedded in json |
[GRP-4954] go to group, membership attribute assignments, then click on Group Privileges tab, nothing happens Created: 14/Sep/23 Updated: 14/Sep/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Vivek Sachdeva (google.com) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4953] membership actions menu needs to be alphabetical Created: 13/Sep/23 Updated: 13/Sep/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Vivek Sachdeva (google.com) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4951] oidc session timeout issues Created: 13/Sep/23 Updated: 13/Sep/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 13/Sep/23 ] |
2023-08-01T10:04:15,297: [ajp-nio-0.0.0.0-8009-exec-7] ERROR GrouperUiFilter.initRequest(1189) - [] - error in init |
Comment by Chris Hyzer (upenn.edu) [ 13/Sep/23 ] |
Liam Hoekenga [1:42 PM] |
[GRP-4941] the full scim provisioner should replace every time Created: 08/Sep/23 Updated: 13/Sep/23 |
|
Status: | Reopened |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Vivek Sachdeva (google.com) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 10/Sep/23 ] |
when i run full scim provisioner, it does not count the number of replaces, is it replacing the membership for every group? |
Comment by Chris Hyzer (upenn.edu) [ 10/Sep/23 ] |
i think that one works right it just needs to indicate the count in the debug logs where it says how many replaces? maybe the udpate col in the loader logs too? |
Comment by Chris Hyzer (upenn.edu) [ 13/Sep/23 ] |
When full runs it should replace all memberships of all groups, there should be an option in group advanced to not do this (current behavior), lets discuss |
[GRP-4949] GrouperLoader: Cleanup based on Loader Metadata Created: 12/Sep/23 Updated: 12/Sep/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | grouperLoader |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Major |
Reporter: | Bert Bee-Lindgren (gatech.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
We have begun creating auxiliary/sidecar groups based on memberships of other groups, sometimes reference groups. For example, we have Admin (aka PSA) accounts issued to some people in addition to their personal account, and we sometimes want to group those Admin accounts. Another example is where we want the Supervisors of people in a Group (eg, Supervisors of people who have not completed mandatory training so we can notify those supervisors). Again, these use cases and others have led us to selectively create these derivative groups, and the best location we've determined for them is adjacent to the source group. The (only?) downside of this approach is that the we end up have multiple loader jobs creating groups in a given folder... ref:affiliations may be 99% managed by our affiliation-loading job, but a handful of groups are added and managed by these sidecar capabilities. This means that the affiliation-loading job can not 'own' ref:affiliations to clean up old groups when a department goes away or whatever. This Jira is requesting that sql-group-list loader jobs (or other multiple-group-managing loader jobs) support removing groups they previously loaded (probably based on loader metadata) when they're no longer listed in the upstream system. We think this should be the default behavior, but understand that that might be dangerous at this point. |
[GRP-4920] web service user who can see an attribute gets an error when reading membership assignments Created: 30/Aug/23 Updated: 12/Sep/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Vivek Sachdeva (google.com) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
|
Comments |
Comment by Chris Hyzer (upenn.edu) [ 12/Sep/23 ] |
Graham Ballantyne August 29th slack discussion |
[GRP-4945] attribute assignments with lengthy values should use the ellipses and abbreviated values, click and see textarea Created: 11/Sep/23 Updated: 11/Sep/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | screenshot-1.png |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 11/Sep/23 ] |
[GRP-4944] provisionable groups button on UI on provisioning screen take a long time Created: 10/Sep/23 Updated: 10/Sep/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Vivek Sachdeva (google.com) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4922] make provisioning creation lag configurable per provisioner (with defaults for various provisioners) Created: 30/Aug/23 Updated: 10/Sep/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Vivek Sachdeva (google.com) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4940] add shortcut for attribute framework provisioning integration Created: 08/Sep/23 Updated: 10/Sep/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Vivek Sachdeva (google.com) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Just enter the name of the attributes and grouper should figure it out |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 10/Sep/23 ] |
for external group attributes, in addition to SQL option, can be "Attribute framework". Ask user for comma separated attribute names (fully qualified). And validate that those are existing attribute names (note, not attribute defs). for each one, see what the structure is with query. for ones that are assignable to group with no value, do one SQL to get those like the existing query, assign value to true if exists for ones that have a name/value on group, do one SQL and assign values for ones that have assignable to group assignments, do one SQL and assign values |
[GRP-4943] add more data conversion strategies Created: 10/Sep/23 Updated: 10/Sep/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
This error was converting a String to a boolean
Caused by: java.lang.RuntimeException: Not expecting value: class java.lang.String
|
[GRP-4942] Data provider change log queries Created: 09/Sep/23 Updated: 09/Sep/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Shilen Patel (duke.edu) | Assignee: | Shilen Patel (duke.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4938] Interesting bug, not sure if it's an issue past 2.x version, but [in Grouper External Systems for external system type of LDAP] selecting TLS (as default) doesn't work, TLS set to "True" must be selected. In case this is helpful for anyone else out there. Created: 07/Sep/23 Updated: 07/Sep/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
if not fixed already this should default to false |
[GRP-4936] add gsh built in validation for list of netids Created: 04/Sep/23 Updated: 04/Sep/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4935] add some GSH template built in validations with colons (for group names) Created: 04/Sep/23 Updated: 04/Sep/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4934] add placeholder provisioner which doesnt do anything but allows provisionable assignments and metadata (splunk example) Created: 03/Sep/23 Updated: 03/Sep/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4931] take duplicates out of scim user group select Created: 01/Sep/23 Updated: 01/Sep/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4926] upgrade jline Created: 31/Aug/23 Updated: 31/Aug/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Emilio Recio
3 replies Emilio Recio Emilio Recio |
[GRP-4925] see if change log temp can update hib3 loader log so ui shows progress Created: 30/Aug/23 Updated: 30/Aug/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4923] change changeLog.changeLogConsumerBatchSize to 10k or something higher in v5 Created: 30/Aug/23 Updated: 30/Aug/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 30/Aug/23 ] |
run tests and see whats best |
[GRP-4918] if the provisioner supports it, add "Provision now" buttons to groups, entities, and memberships Created: 29/Aug/23 Updated: 29/Aug/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Vivek Sachdeva (google.com) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4914] assign password on configuration screen Created: 28/Aug/23 Updated: 28/Aug/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Vivek Sachdeva (google.com) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Jeffrey Crawford |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 28/Aug/23 ] |
if asterisks are submitted (or blank?), dont change password. if a password is in there, set it |
[GRP-4913] Refactor data provider syncing Created: 28/Aug/23 Updated: 28/Aug/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | 5.3.4 |
Type: | Improvement | Priority: | Minor |
Reporter: | Shilen Patel (duke.edu) | Assignee: | Shilen Patel (duke.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4903] NullPointerException: ChangeLogTempToEntity.processGroupSetAdd Created: 25/Aug/23 Updated: 28/Aug/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | daemon |
Affects Version/s: | 2.6.19.3 |
Fix Version/s: | None |
Type: | Bug | Priority: | Major |
Reporter: | Bert Bee-Lindgren (gatech.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | image-2023-08-24-22-54-56-359.png |
Description |
Job: CHANGE_LOG_changeLogTempToChangeLog Our ChangeLogTemp processing got stuck, throwing NullPointerExceptions. We ended up deleting a CLET row to get things moving again (see image). Of course, we're interested in what the invalid row was, how it came to exist, as well having the job auto-recover instead of throwing NPEs.
| grouper-ui;provisioning.log;2023-08-24T21:31:10,117: v2 [DefaultQuartzScheduler_Worker-10] ERROR e.int.middleware.grouper.app.loader.GrouperLoaderJob - [] - Error running up job |
The row we deleted, viewed via a copy of grouper_changelog_v put stop CLET: id change_log_type_id context_id created_on string01 string02 string03 string04 string05 string06 string07 string08 string09 string10 string11 string12 |
Comments |
Comment by Chad Redman [ 25/Aug/23 ] | |||
Line 2006 in 2.6.19 is not a line that would trigger an NPE. ??? | |||
Comment by Chris Hyzer (upenn.edu) [ 28/Aug/23 ] | |||
do you have a patch (class file in classes dir) or something? are you sure its 2.6.19? |
[GRP-4905] fix provider query defaults on ui Created: 25/Aug/23 Updated: 25/Aug/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
"Provider query subject id type" has comment under dropdown "Which type of subject id. Default value is 'false'." huh? |
[GRP-4902] (vt) shouldnt need an entity translation if doing WS provisioning Created: 24/Aug/23 Updated: 24/Aug/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4899] add externalId to groups in scim provisioning Created: 24/Aug/23 Updated: 24/Aug/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4892] add jexl tester example for removing accented chars Created: 24/Aug/23 Updated: 24/Aug/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 24/Aug/23 ] | ||
|
[GRP-4889] Metadata not available for jexl in LDAP provisioner diagnostics Created: 24/Aug/23 Updated: 24/Aug/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | provisioning |
Affects Version/s: | 4.5.2 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
If provisioner metadata is in a grouperProvisioningGroup jexl (e.g.
|
[GRP-4885] copying folders should have a progress screen Created: 21/Aug/23 Updated: 21/Aug/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4876] add option for case insensitive subject source id/identifier searches Created: 08/Aug/23 Updated: 16/Aug/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Richard Frovarp Chris Hyzer Richard Frovarp |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 16/Aug/23 ] |
option in subject source to lower or upper the subject id and/or identifier |
[GRP-4883] provisioning error screen in ui not showing mat errors Created: 16/Aug/23 Updated: 16/Aug/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
on 4.5.2 I have an AD provisioner which hit a MAT error in the daemon log (see below) but the error does NOT surface in view errors for the SLAC_ADtestGroups provisioner in the UI. |
[GRP-4879] Full/Incremental overlap protection does not timeout Created: 12/Aug/23 Updated: 15/Aug/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | provisioning |
Affects Version/s: | 2.6.19.3 |
Fix Version/s: | None |
Type: | Bug | Priority: | Major |
Reporter: | Bert Bee-Lindgren (gatech.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Our ChangelogTemp processing was 24+ hours behind and to try to isolate the problem, we disabled "optional" jobs – loaders and provisioners – until things seem stabilized. We then got our loaders running. We then tried to get full-syncs running, but they seemed to not do anything theoretically because the Quartz and LoaderLogs tables still indicated that ancient copies of the jobs were running (when the daemons running them had long exited). After several efforts, we had to manually clean qz_fired_triggers and loader_logs which seemed to get the Full daemon jobs proceeding.
This leads to the following suggestions:
|
Comments |
Comment by Chad Redman [ 15/Aug/23 ] |
A complicating issue was that a docker container wasn't running, but the java process from the container was somehow running, and functional enough to phone home to quartz that they were available, but didn't actually start the jobs assigned to it. The issue did serve to illustrate how badly things go when full syncs and incremental syncs don't coordinate and nothing progresses. |
[GRP-4882] TIER instrumentation daemon shows success even if fails due to firewall Created: 15/Aug/23 Updated: 15/Aug/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | daemon |
Affects Version/s: | 4.1.6 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Instrumentation is firewalled, it times out after 40 minutes, but still reports as a success in the daemon log. Status Success Took
|
[GRP-4874] stem view privilege incremental should catch up after full sync finishes Created: 07/Aug/23 Updated: 07/Aug/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | 2.6.19.3 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Seen with Grouper 2.6.19. There was a large amount of changelog entries to process, and the stem view privileges were out of date. However, the full sync had run at some point, and the incremental sequence pointer should have been updated. |
[GRP-4873] advice for google external system security when not managing users Created: 07/Aug/23 Updated: 07/Aug/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Marwan Shaher |
[GRP-4872] change google external system to better describe credentials Created: 07/Aug/23 Updated: 07/Aug/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | image-2023-08-07-13-23-32-687.png |
Description |
|
[GRP-4871] test deprovisioning and make sure it works Created: 07/Aug/23 Updated: 07/Aug/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Alpha Sanneh Chris Hyzer |
[GRP-4850] jexl loader add methods entity attribute value like or regex Created: 19/Jul/23 Updated: 04/Aug/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
|
[GRP-4869] fix help text of jexl loader Created: 02/Aug/23 Updated: 02/Aug/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4868] add provisioning tests to remove member without making the member unprovisionable. i.e. not managing members (e.g. google but others too) Created: 02/Aug/23 Updated: 02/Aug/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4865] allow grouper loader to specify active dates on groups / memberships Created: 01/Aug/23 Updated: 01/Aug/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | grouperLoader |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Liam Hoekenga (umich.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
It would be helpful if the grouper loader could specify the dates in which a group or membership are active.
e.g. Our source data includes information on when courses are in session. It would be helpful if a loader was configured to automatically create course groups, if that loader could also specify the enabled / disabled dates for the group based on what's in the source data. similarly, it would be useful if the loader could specify at the membership level when an individual subject's membership in the group started / ended. We have use case where we want new hires to be in a "new hire" group for a year after their start date. It would be excellent if we could base end of that membership based on a date from HR rather than a date relative to when Grouper first noticed the user (in a certain group).
|
[GRP-4863] add friendly description for parts of abac script Created: 31/Jul/23 Updated: 31/Jul/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4861] LDAP loaders need a way to filter non-person source members Created: 31/Jul/23 Updated: 31/Jul/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API, daemon |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
When used with loaderLdapElUtils.convertDnToSpecificValue(subjectId), the loader will parse every row indiscriminately, including the row which is not a person. At minimum there will be unresolvable subjects, but at worst the non-person member will accidentally have the same id as a real person, and that person will incorrectly be loaded. There should be some way to indicate to skip rows. The existing jexl converter property would be a good place for it. Experiment 1:
This calculates a subjectId of "null" in 2.6.19, and since there is no subject with this id, it is an unresolvable subject. Other rows do load. There is a warning in the daemon log for the bad row, but the job log is success, and nothing is in the job log about any bad rows. Experiment 2:
Runtime exception: "Result has a null subject_id, please correct the query (maybe just filter where subject_id is not null)". No rows loaded, and the job ends in error state. Experiment 3: LDAP_GROUPS_FROM_ATTRIBUTES, setting Attribute filter expression Result: Doesn't work – the filter expression is for the group attribute, not the subjects. |
[GRP-4857] start with in sql provisioner can add same column twice Created: 26/Jul/23 Updated: 26/Jul/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Vivek Sachdeva (google.com) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 26/Jul/23 ] |
users too |
[GRP-4856] provisioning subject attribute cache translation that returns nothing evaluates to "null" string sometimes and should be null Created: 25/Jul/23 Updated: 25/Jul/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
use an attribute that doesnt exist |
[GRP-4839] Add config options to restrict membership export Created: 10/Jul/23 Updated: 19/Jul/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
In order to prevent users from downloading a list of all employees, etc., have some way to restrict the export functionality. Options?
|
Comments |
Comment by Chad Redman [ 19/Jul/23 ] |
Other ideas after discussion:
|
[GRP-4846] Loader job action to clear a job stuck in the Started state Created: 12/Jul/23 Updated: 12/Jul/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API, UI, WS |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 1 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
If a job is started but something happens and it exits without updating the status, it is stuck in the starting state in the loader log, and won't start again until restart (or until it gets reset in 10 minutes?). It would be good to clear out the state so it can restart normally, without needing to restart the whole daemon, or doing sql manipulation to clear out the stuck job from the log. Something available in the API and WS as well as the UI would be good for more options. |
[GRP-4841] if you call groupSave over WS, it should only update attributes that are sent Created: 10/Jul/23 Updated: 10/Jul/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
from Graham Ballantyne e.g. it clears out the enabled/disabled dates |
[GRP-4840] if you save a group over WS (and maybe API) and include the same idIndex, it will fail Created: 10/Jul/23 Updated: 10/Jul/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
java.lang.RuntimeException: idIndex already in use: 12345 |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 10/Jul/23 ] |
from Graham Ballantyne |
[GRP-4835] consider jsoup cleaner for html in descriptions Created: 07/Jul/23 Updated: 07/Jul/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
https://jsoup.org/cookbook/cleaning-html/safelist-sanitizer |
[GRP-4833] moving a group has the folder symbol Created: 06/Jul/23 Updated: 06/Jul/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | image-2023-07-06-02-39-17-605.png |
Description |
|
[GRP-4823] cannot assign entity identifier to local entity in ui Created: 04/Jul/23 Updated: 06/Jul/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Vivek Sachdeva (google.com) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4824] local entity identifier should go in subjectIdentifier1 Created: 04/Jul/23 Updated: 06/Jul/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Vivek Sachdeva (google.com) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4801] show membership history in v5 throws stack Created: 25/Jun/23 Updated: 25/Jun/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
|
[GRP-4798] error creating stem on fk_grouper_st_v_pr_st Created: 21/Jun/23 Updated: 21/Jun/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
|
Comments |
Comment by Chris Hyzer (upenn.edu) [ 21/Jun/23 ] |
drop that foreign key for a temporary fix |
[GRP-4796] configurable mood / theme music Created: 16/Jun/23 Updated: 16/Jun/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Liam Hoekenga (umich.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
CC: |
Jeffrey Williams (uncg.edu)
|
Description |
Grouper should support theme or mood music while in UI. It could be as simple as associating midi songs with certain activities, or as complicated as using AI to procedurally generate music appropriate for the population being managed. Maybe it plays a little jingle when a massive group import is completed, like when my dishwasher finishes a load of dishes? I feel that it could increase satisfaction in UAT. |
[GRP-4763] delete a user from duo. then add them back and add membership with incremental. The cache should have new entity id and work Created: 22/May/23 Updated: 12/Jun/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 22/May/23 ] | ||||||||||||||||||||
| ||||||||||||||||||||
Comment by Chris Hyzer (upenn.edu) [ 12/Jun/23 ] | ||||||||||||||||||||
"it doesn't seem to pick up the existing memberships, so it tries to add all of the users to the groups again even though they're already there, and also doesn't try to remove any users from groups." |
[GRP-4773] provision a user to a WS (e.g. google) which is recently deleted from target, it uses old cached ID... Created: 06/Jun/23 Updated: 06/Jun/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4771] grouper google api call for all groups (or one group) doesnt return the group sometimes Created: 05/Jun/23 Updated: 05/Jun/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
2023-06-05 15:16:11.639: vstev2pw, myGoogleProvisioner, fullProvisionFull: INFO: Command log for provisioner 'myGoogleProvisioner' - 'vstev2pw', retrieveAllData: HTTP method: get |
[GRP-4770] provisioning diagnostics should work for google with first name as subject attribute going through cache Created: 05/Jun/23 Updated: 05/Jun/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4769] Document the non-sso health check page somewhere besides the v2.5 container doc page Created: 02/Jun/23 Updated: 02/Jun/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Documentation | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Searching for what the non-SSO version of the diagnostics URL was not successful given the current wiki pages and confluence keywords. Step 1: Try search terms (result: only old or unrelated results)
Step 2: Look at the Grouper training copy/paste wiki for it (result: it only mentions the sso-protected version) Step 3: Dig up the Grouper training slides (result: a slide mentions it as https://localhost:8443/status_grouper/status?diagnosticType=all) Step 4: Search confluence for "status_grouper" Result:
Recommendations: 1) Create a separate page for Grouper health checks, OR add the public status page to Grouper diagnostics |
[GRP-4584] caching by script does not work Created: 31/Jan/23 Updated: 25/May/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
John Gasper |
Comments |
Comment by John Gasper III [ 25/May/23 ] |
Any idea of when this might be resolved? |
[GRP-4765] Daemon job history chart should show started jobs as an extended line Created: 23/May/23 Updated: 23/May/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
In the job history chart, a job in the started state shows a very narrow box. In reality, the job is potentially still running, so the line should extend to the present time, or until the next time the job ran. |
[GRP-4761] add option in provisioning advanced to not validate the configuration Created: 20/May/23 Updated: 20/May/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
in case there is a temporary validation problem |
[GRP-4760] add built in template to adjust path parts Created: 19/May/23 Updated: 19/May/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
${var nameParts = grouperUtil.splitTrimToList(grouperProvisioningGroup.getName(), ":"); And see why multiline script doesnt work |
[GRP-4758] when provisioning attribute, and removing only ones grouper created or deleted, check the cache to see if the value is in the cache and should be removed Created: 18/May/23 Updated: 18/May/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4757] validation error on entity customize crud with no options selected Created: 18/May/23 Updated: 18/May/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
turned off customize entity and still got the error |
[GRP-4756] add drop downs to configuration editor Created: 17/May/23 Updated: 17/May/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4748] Grouper UI should show if running old release Created: 10/May/23 Updated: 10/May/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Shilen Patel (duke.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Perhaps there should be a banner at the top that is shown to grouper admins if the version is expired or unstable. |
[GRP-4747] add debug map to daemon logs for gsh change log consumer Created: 10/May/23 Updated: 10/May/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4745] Subject diagnostics Long label "not used in the new UI" inaccurate Created: 09/May/23 Updated: 10/May/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | subject_name_appearance_in_ui.png |
Description |
The format for subject names for the Member Add drop down list differs from how it appears everywhere else. It's also configured with a different property. 1) Subject page heading, search results, and group member list: `screenSubjectIcon2.screenHtmlEl.0 screenLabel2.screenEl.0` This corresponds to the diagnostics value for "Short link with icon" 2) Subject breadcrumbs: `screenLabel2.screenEl.0` (basically #1 without the icon) This corresponds to the diagnostics value for "Short link with icon" 3) The drop down names during the Member Add autocomplete field: screenSubjectIcon2.screenHtmlEl.0 subjectImgLong.screenEl.0 This corresponds to the diagnostics value for "Long label with icon", even though right after it reads "This is not used in the new UI" 4) The Member Add autocomplete after choosing a value: subjectImgLong.screenEl.0 (basically #3 without the icon)
The descriptions for the diagnostics values under "SUBJECT IN UI" should be adjusted to be more accurate. Suggested:
Short link with icon: ...
|
[GRP-4740] duo incremental runs a full sync for some reason Created: 05/May/23 Updated: 05/May/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Vivek Sachdeva (google.com) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 05/May/23 ] |
I think this is because there were a ton of errors and they are retried... maybe ignored errors should not be retried? |
[GRP-4741] validate that group and entity link is true for provisioners that need it Created: 05/May/23 Updated: 05/May/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4739] github should validate that organization is in external system Created: 05/May/23 Updated: 05/May/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
external system should have a type |
[GRP-4738] github provisioning should not allow operating on groups Created: 05/May/23 Updated: 05/May/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4737] Generic warnings from the loader container Created: 05/May/23 Updated: 05/May/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Task | Priority: | Minor |
Reporter: | Andrew Aschenbrener | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
When we start v4.1.2 we see the following warnings. These all appear to be regarding the base image. grouper-daemon;grouper_error.log; [localhost-startStop-1] WARN EhcacheRegionFactory.<init>(60) - [] - HHH020100: The Ehcache second-level cache provider for Hibernate is deprecated. See https://hibernate.atlassian.net/browse/HHH-12441 for details. grouper-daemon;grouper_error.log; [localhost-startStop-1] WARN EhcacheRegionFactory.defaultRegionName(127) - [] - HHH90001007: Using legacy cache name [org.hibernate.cache.spi.UpdateTimestampsCache] because configuration could not be found for cache [default-update-timestamps-region]. Update your configuration to rename cache [org.hibernate.cache.spi.UpdateTimestampsCache] to [default-update-timestamps-region]. grouper-daemon;grouper_error.log; [localhost-startStop-1] WARN EhcacheRegionFactory.defaultRegionName(127) - [] - HHH90001007: Using legacy cache name [org.hibernate.cache.internal.StandardQueryCache] because configuration could not be found for cache [default-query-results-region]. Update your configuration to rename cache [org.hibernate.cache.internal.StandardQueryCache] to [default-query-results-region]. grouper-daemon;grouper_error.log; [localhost-startStop-1] WARN RootClass.checkCompositeIdentifier(287) - [] - HHH000038: Composite-id class does not override equals(): edu.internet2.middleware.grouper.stem.StemViewPrivilege grouper-daemon;grouper_error.log; [localhost-startStop-1] WARN RootClass.checkCompositeIdentifier(290) - [] - HHH000039: Composite-id class does not override hashCode(): edu.internet2.middleware.grouper.stem.StemViewPrivilege grouper-daemon;grouper_error.log; [localhost-startStop-1] WARN EhcacheRegionFactory.createCache(155) - [] - HHH90001006: Missing cache[edu.internet2.middleware.grouper.file.GrouperFile] was created on-the-fly. The created cache will use a provider-specific default configuration: make sure you defined one. You can disable this warning by setting 'hibernate.cache.ehcache.missing_cache_strategy' to 'create'. grouper-daemon;grouper_error.log; [localhost-startStop-1] WARN EhcacheRegionFactory.createCache(155) - [] - HHH90001006: Missing cache[edu.internet2.middleware.grouper.pit.PITGrouperConfigHibernate] was created on-the-fly. The created cache will use a provider-specific default configuration: make sure you defined one. You can disable this warning by setting 'hibernate.cache.ehcache.missing_cache_strategy' to 'create'. grouper-daemon;grouper_error.log; [DefaultQuartzScheduler_Worker-6] WARN SessionImpl.createCriteria(1837) - [] - HHH90000022: Hibernate's legacy org.hibernate.Criteria API is deprecated; use the JPA javax.persistence.criteria.CriteriaQuery instead |
[GRP-4736] Grouper WS on Groups with Unresolvable subject Created: 05/May/23 Updated: 05/May/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | WS |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Andrew Aschenbrener | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
When midPoint's Grouper connector tries to 'sync' with a group with an unresolvable subject, the Web Services generates this error. grouper-daemon;grouper_error.log;dev;ICP;2023-05-05T13:55:47,801: [ajp-nio-0.0.0.0-8009-exec-5] ERROR GrouperWsException.logError(147) - [< midpoint - 18.221.229.130 >] - java.lang.NullPointerException: Cannot invoke "java.util.Map.remove(Object)" because "this.translationMap" is null |
[GRP-4735] add github test case and make sure ui works Created: 05/May/23 Updated: 05/May/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
|
[GRP-4724] add test for google external system (and others) Created: 27/Apr/23 Updated: 05/May/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | 4.1.6 |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Vivek Sachdeva (google.com) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Comments |
Comment by Vivek Sachdeva (google.com) [ 04/May/23 ] |
Done for Google, Box, Remedy digital marketplace, and remedy |
[GRP-4723] alphabetize daemon dropdown when adding daemon Created: 26/Apr/23 Updated: 05/May/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | 4.1.6 |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4728] when adding a daemon, if use an existing config key, then it edits the existing daemon Created: 03/May/23 Updated: 03/May/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4725] jdbc2 subject source needs identifier tweak Created: 28/Apr/23 Updated: 28/Apr/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4718] add filter term in box provisioner to retrieve an individual user or group Created: 21/Apr/23 Updated: 21/Apr/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Vivek Sachdeva (google.com) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4714] provisioning matching ids blank causes error Created: 21/Apr/23 Updated: 21/Apr/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Jason Cho grouper-daemon;grouper_error.log;dev;nothing;2023-04-21T15:10:47,537: [DefaultQuartzScheduler_Worker-8] ERROR GrouperProvisioner.provision(855) - [] - Provisioner ‘LdapGroupsProvisioner’ (vq0yojx9) Error, java.util.NoSuchElementException Message incommon-grouper |
[GRP-4711] in provisioning metadata, if boolean has default value, just check that radio, dont add "default" option Created: 20/Apr/23 Updated: 20/Apr/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | screenshot-1.png |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 20/Apr/23 ] |
[GRP-4710] document stem move and group move in table at top of gsh page Created: 20/Apr/23 Updated: 20/Apr/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4706] millis load data is off for SFTP to SQL job Created: 18/Apr/23 Updated: 18/Apr/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | screenshot-1.png |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 18/Apr/23 ] |
[GRP-4705] allow HTML template attestation emails where list of groups can be in arbitrary location Created: 18/Apr/23 Updated: 18/Apr/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
for v5, from alpha |
[GRP-4697] End of life OpenSAML jars in libWs folder Created: 13/Apr/23 Updated: 18/Apr/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Scott Cantor (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Grouper 4.1's libWs folder contains several out of date and unsupported/end-of-life jars dating to opensaml 2.x which has been dead for almost a decade. opensaml, openws, and xmltooling are all from those days. |
Comments |
Comment by Scott Cantor (osu.edu) [ 13/Apr/23 ] |
xmlsec 1.x is similarly EOL. |
Comment by Shilen Patel (duke.edu) [ 18/Apr/23 ] |
I've confirmed at least that the old dependencies mentioned won't be in the next v5 release. They are in v4 because of soap/rampart. |
[GRP-4696] Loader jobs summary page shows count -1 if there are any subject problems Created: 12/Apr/23 Updated: 12/Apr/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
The daemon log for a loader job shows this:
But the loader job page shows this for the same job:
The loader page should reflect the same status and counts as the actual loader log. |
[GRP-4695] Visualization "Unable to retrieve..." errors shouldn't dump a whole stacktrace Created: 11/Apr/23 Updated: 11/Apr/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Visualization can have various issues if the user doesn't have permission to see certain attributes. These don't need a whole stacktrace for that, as it's obviously either permissions or a missing attribute.
|
[GRP-4692] configure hasMember, invalid cache membership value, does not remove memberships Created: 07/Apr/23 Updated: 07/Apr/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4691] provisioning, if you pick a cache location that is not populated it should throw configuration error Created: 07/Apr/23 Updated: 07/Apr/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4690] ldap provisioning, if selecting entities, and no target link, need to enter search ou Created: 07/Apr/23 Updated: 07/Apr/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4680] some recent activity is blank Created: 03/Apr/23 Updated: 03/Apr/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | 4.1.2 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | screenshot-1.png |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 03/Apr/23 ] |
[GRP-4672] add information about sql drivers to sql external system page Created: 31/Mar/23 Updated: 31/Mar/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
|
[GRP-4665] Git integration for Grouper configs Created: 24/Mar/23 Updated: 24/Mar/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Just some ideas I had while working with a customer. When provisioners, gsh templates, or other configs are managed in the UI, the history is stored in the UI. But if you want these exported on a regular basis to version control, it's a manual process. (1) A script, maybe an external gsh batch script, to export configs into local files which are under version control Maybe just item #1 is good enough for user needs? |
[GRP-4651] add a start with for ldap entity provisioner to manage a flag attribute like colorado test case LdapProvisionerTestUtils.configureColoradoSingleEntityAttribute() Created: 22/Mar/23 Updated: 22/Mar/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4593] loaded groups should handle membership requirements and not fail Created: 07/Feb/23 Updated: 16/Mar/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Comments |
Comment by Shilen Patel (duke.edu) [ 16/Mar/23 ] | ||||||||||||||||||||||||||||||||||||||||||
I think this should be fixed for membership adds due to rules as well. Perhaps ignore the add gracefully?
|
[GRP-4629] validation on rabbitmq when using EL Created: 14/Mar/23 Updated: 14/Mar/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Michael Gettes |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 14/Mar/23 ] |
note: check other external systems too |
[GRP-4627] null pointer in GrouperProvisioningCompare.compareTargetEntities Created: 13/Mar/23 Updated: 13/Mar/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | 2.6.18, 2.6.19 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Set up and ran a full sync job in 2.6.18 and 2.6.19, was successful the first few days, but then errors started showing up. For a delete of an entity attribute value, provisioningAttribute.getValueToProvisioningMembershipWrapper() is null. I don't see an explanation for why that happens. I added some extra debugging lines to a patched class to capture the error for better diagnostics. There were 29 errors out of 2518 total users provisioned. What was in common with all these users was that none of them were in provisioned groups. All except 2 did not even have the ldap attribute in LDAP, so it should not have tried to change anything. What made the error go away is to assign all 29 users to a provisioned group, run an incremental sync, and then remove them and sync again. Since then there haven't been more errors.
|
[GRP-4623] fix audits for jexl script tester Created: 13/Mar/23 Updated: 13/Mar/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
grouper;grouper_error.log;dev;nothing;2023-03-13T17:37:11,580: [ajp-nio-0.0.0.0-8181-exec-9] ERROR GuiAuditEntry.getAuditLine(1153) - [] - Cant find audit builtin for category: jexlTest and action: jexlTestExec |
[GRP-4620] version does not show in ui for v4 Created: 13/Mar/23 Updated: 13/Mar/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
System settings and wizards to setup the registry. Grouper version: |
[GRP-4617] add 'run report' to report menu for ad hoc runs Created: 10/Mar/23 Updated: 10/Mar/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4616] provisioning: validate that the membership attribute is not cached Created: 09/Mar/23 Updated: 09/Mar/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4609] allow resize of left navigation panel Created: 02/Mar/23 Updated: 02/Mar/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Ben E Rappleyea | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified | ||
Environment: |
2.6.9 |
Description |
We have received requests from our customers to make the left hand navigational panel resizable so that they are not having to scroll back and forth constantly or search for the group instead. |
[GRP-4467] Add property for GrouperLoaderLog jobs not to log at DEBUG Created: 04/Nov/22 Updated: 02/Mar/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | daemon |
Affects Version/s: | 2.6.7 |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Now that GrouperLoaderLog is being logged at debug level by default, it tends to clutter up the logs with maintenance and changelog jobs that run every minute. I think ideally you shouldn't have GrouperLoaderLog at debug level. But if you do, maybe it's because you want to know about a specific problem job, and not CHANGE_LOG_changeLogTempToChangeLog or basically any other CHANGE_LOG or MAINTENANCE job. |
Comments |
Comment by Chad Redman [ 04/Nov/22 ] |
Maybe a regular expression, or comma-separated list of expressions? |
Comment by Chris Hyzer (upenn.edu) [ 02/Mar/23 ] |
we have this but it defaults to true //enable certain logs I think we need something in the daemon config to enable logging, default false... but if you do that then logging should just happen withot changing log4j. we will need to look at that in the near future |
[GRP-4601] LDAP startsWith eduPersonAffiliation invalid config Created: 15/Feb/23 Updated: 02/Mar/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | provisioning |
Affects Version/s: | 2.6.19 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | image-2023-02-15-15-45-23-614.png |
Description |
When choosing the "eduPersonAffiliation" startsWith configuration, it asks for the group attribute to provision for the membership (default was extension). This value used to be entered in the "Group attribute name for memberships" field. In 2.6.19, the drop down for that field only has the 4 group cache buckets, and the group attributes no longer show up. This makes the field have a blank value, and can't save since it's a required field.
Note that the field description still reads "The group attribute that has values...", even though group attributes are no longer options |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 02/Mar/23 ] |
we changed the label in the provisioner config so its a cache label. we need to fix the starts with... |
[GRP-4608] Loader Jobs with External Unique Ids to Support moving group path Created: 01/Mar/23 Updated: 01/Mar/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Task | Priority: | Minor |
Reporter: | Andrew Aschenbrener | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
The current version of grouper loader jobs does not support the ability to move an existing group. Instead groups are deleted and then recreated. Based on Grouper Dev call here is a suggestion:
|
Comments |
Comment by Andrew Aschenbrener [ 01/Mar/23 ] |
To prevent unexpected errors, maybe there should also be some validation that the given metadata field for two groups don't share the same value. |
[GRP-4607] Container startup scripts to check for tomee mounted files and move them to tomcat Created: 01/Mar/23 Updated: 01/Mar/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | container |
Affects Version/s: | 2.6.19 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Moving from TomEE to Tomcat, the container directory will be different. It may not be common, but some installations may be mounting files into /opt/tomee. On startup, the init scripts should check for mounted files there, give a warning that it's deprecated, and copy them to /opt/tomcat. There should be a new environment variable to skip the check copy, in case there is some reason they would want them to stay in /opt/tomee.
|
[GRP-4604] config value on each group to override global: attestation.daysBeforeNeedsAttestationToShowButton Created: 24/Feb/23 Updated: 24/Feb/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Carey Black | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
It would be helpful if each attestation could support control over when the needs attestation button would show for it. Instead of being forced to use the global default config attestation.daysBeforeNeedsAttestationToShowButton = 14, or forcing all attestations to behave identically. |
[GRP-4603] add paging to getGrouperPrivileges WS Created: 16/Feb/23 Updated: 16/Feb/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4602] allow search in ui to find things by uuid (e.g. memberId in subjects) Created: 16/Feb/23 Updated: 16/Feb/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4598] if subject source if not enabled, it shouldnt do anything Created: 10/Feb/23 Updated: 10/Feb/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | screenshot-1.png |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 10/Feb/23 ] | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Comment by Chris Hyzer (upenn.edu) [ 10/Feb/23 ] | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
[GRP-4595] attribute on a group to control UI default filter on direct/indirect display Created: 09/Feb/23 Updated: 09/Feb/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.6.19.3 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Michael Gettes (ufl.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 1 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
from discussion in slack channel Add an attribute to a group to cause the UI to display the group with a filter of direct memberships or indirect by default. The absence of the attribute is all (current behavior). There could be a system-wide default to control the default display of groups in the ui as well... but this is usually desirable for large groups for environments where the display of the large group is slow (which may in fact be a sign of a misconfigured cache and other components - but this at least allows for helping with the display of the group). |
[GRP-4594] GSH Template multi-value checkbox Created: 08/Feb/23 Updated: 08/Feb/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | GSH Templates |
Affects Version/s: | 2.6.19.3 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Michael Gettes (ufl.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 2 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
I seek a multi-value checkbox capability in a GSH Template. I'd like to pass in In GSH Template config I'd like to pass in the following parameters: CheckBoxItems: 'Administrator','Author','Manager','Editor','Allowed','Reviewer','Developer' (a text box with comma separated list of items) and the gsh_input_varname for this multi-value checkbox would return a list of those items checked. Something like: I think it may be just this simple. I'm sure there are ideas to make it complicated, but this is all I can think of at this point. |
[GRP-4592] pre-create grouperDdl dir so it has right owner in case gsh runs as root Created: 03/Feb/23 Updated: 03/Feb/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
David Li 2 days ago [root@ace07bb81a4e WEB-INF]# ls -la |
[GRP-4591] performance improvement in daemon page Created: 03/Feb/23 Updated: 03/Feb/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Joel Rettinger |
[GRP-4590] "enter at least two characters" in groupMove always Created: 03/Feb/23 Updated: 03/Feb/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.4.1 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Jutta Biernath | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified | ||
Environment: |
multiple |
Description |
If you want to move a group, open the search form by clicking on "search for a folder where you are allowed to create new subfolders" and enter no matter what, you will always get the error message "enter at least two characters". We still use Version 2.4 but I've taken a look at the Grouper project at Github and it seems to me that the bug still occurs in 2.6 as well. |
[GRP-4589] show group name of groups on entity membership report when groups are deleted Created: 01/Feb/23 Updated: 01/Feb/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Right now it says "name unknown" |
[GRP-4577] allow privileges to be read with READ privilege in groups Created: 25/Jan/23 Updated: 01/Feb/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 25/Jan/23 ] |
Heather Gwinn Carey Black Heather Gwinn Chris Hyzer Heather Gwinn Chris Hyzer Heather Gwinn |
Comment by Chris Hyzer (upenn.edu) [ 01/Feb/23 ] |
leaning toward adding two new privileges to groups/folders/attributes read privilege and write privilege |
[GRP-4588] translation failing on entities Created: 01/Feb/23 Updated: 01/Feb/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Benjamin Rappleyea |
[GRP-4587] disable subject source via env var (via config) Created: 01/Feb/23 Updated: 01/Feb/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Carey Black Chad Redman Carey Black Chris: note, it should be a subject.properties config that defaults to env var... |
[GRP-4586] Subject diagnostics incorrectly printing subject Id for identifier test Created: 31/Jan/23 Updated: 31/Jan/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | subject API |
Affects Version/s: | 2.5.23, 2.6.0 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Diagnostics report
SubjectSourceDiagnostics.java
Note the subject identifier tests reports the subjectId from an unrelated part of the code, and "finding subject by id" in one of the 3 subject identifier cases. |
[GRP-4585] add a GSH change log consumer. Example is emailing supervisor when someone added to group Created: 31/Jan/23 Updated: 31/Jan/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 1 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4583] Create wiki page for morphString Created: 30/Jan/23 Updated: 30/Jan/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Documentation | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Either the Confluence search isn't working, the page for morphString usage got reworked into oblivion, or there never was a page. I thought there used to be documentation for this, but I am not seeing it. There is only a brief mention in the gsh page on how to encrypt a value. Digging into the code for a customer, I uncovered a lot about how morphString works. It would be useful to have a page somewhere since there are recommendations to use it.
|
[GRP-4582] add rate limiting to provisioning Created: 26/Jan/23 Updated: 26/Jan/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Tim Darby Is there a way to rate limit the LDAP queries, mods, adds, deletes? |
[GRP-4581] membership import does not recognize header row Created: 26/Jan/23 Updated: 26/Jan/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | screenshot-1.png |
[GRP-4574] store state of hide/show left UI panel in user preferences in DB so persists across refresh or browsers or session. Created: 21/Jan/23 Updated: 21/Jan/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Vivek Sachdeva (google.com) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
also add config to disable this in grouper-ui.properties, and default to storing in DB |
[GRP-4569] Attestation API markAsAttested(true) no effect Created: 18/Jan/23 Updated: 18/Jan/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API |
Affects Version/s: | 2.5.44, 2.6.0 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
The save() method is generating a local variable for the current YYYY/MM/DD date, but not doing anything with it. Probably a problem both in AttributeGroupSave and AttributeStemSave. |
Comments |
Comment by Chad Redman [ 18/Jan/23 ] | |||||||||||
Workaround is setting the certified date manually:
|
[GRP-4562] store csrf tokens in the database Created: 12/Jan/23 Updated: 12/Jan/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
implement the org.owasp.csrfguard.token.storage.TokenHolder interface described here: Note, we dont need page level tokens, just the session tokens. Still store in memory too. Periodically purge the database table. Explore hashing the tokens and session keys to see if that can work to not let the DB be a vector for session hacking... |
[GRP-4561] grouper duo provisioner throttling Created: 12/Jan/23 Updated: 12/Jan/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
we are still experiencing issues with the new duo provisioner. We are seeing error 429/42901 (The account has made too many requests of this type recently. Try again later) when processing large membership changes with either the incremental or full sync so the membership counts in grouper are not matching up with those in Duo. Taking a look here https://community.duo.com/t/429-too-many-requests-after-a-request-every-20-seconds/6863 and here https://github.com/duosecurity/duo_client_python/issues/101 we are being throttled due to too many requests per minute. Duo’s website https://help.duo.com/s/article/1338?language=en_US mentions updating to the newest version of the duo client library to ensure the client backs off automatically and makes requests within the limit. I am not sure if this is an update/fix that needs to be implemented in Grouper or if there is a setting we can change currently in Grouper to rate limit the requests the duo provisioner is making. Any suggestions on how to fix this? From Andrew Costa |
[GRP-4557] grouperScriptHooks_prepConfPost is unreachable code Created: 11/Jan/23 Updated: 11/Jan/23 |
|
Status: | Open |
Project: | Grouper |
Component/s: | container |
Affects Version/s: | 2.5.30, 2.6.0 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Note that if /opt/grouper/grouperEnv.sh exists, the function returns early. However, even in the base image the file exists with zero bytes. Thus, grouperScriptHooks_prepConfPost is never called.
The other opportunity to call a hook before Grouper does file configuration is prepComponentPost. The setupFilesPost hook happens after Grouper file manipulation. |
[GRP-4553] attributeassignmembershipdelegate needs privilege revision Created: 29/Dec/22 Updated: 29/Dec/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
AttributeAssignMembershipDelegate.assertCanUpdateAttributeDefName |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 29/Dec/22 ] |
checks if can update group??? |
[GRP-4546] substitute gsh template dollar with unicode '$', or at least give a good error Created: 22/Dec/22 Updated: 23/Dec/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4548] SUpport file attachments in workflows Created: 22/Dec/22 Updated: 22/Dec/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.4.0.patch |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4547] Support start/end dates in workflow Created: 22/Dec/22 Updated: 22/Dec/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.4.0.patch |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Is this currently supported? I didn't see it in the wiki or in the 2.6.18 source code. This would be from optional fields from workflow approval states, or from the original requestor |
[GRP-4545] give good error message if grouperIncludeExclude.use = false (default) and loader addIncludeExclude Created: 22/Dec/22 Updated: 22/Dec/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4542] add database config id to sql reports Created: 21/Dec/22 Updated: 21/Dec/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4541] add knobs for retries Created: 15/Dec/22 Updated: 15/Dec/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | 2.6.19 |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4532] allow sql loader queries to be brought in by config or other way Created: 12/Dec/22 Updated: 12/Dec/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
for long queries |
[GRP-4531] dry run option for loader Created: 09/Dec/22 Updated: 09/Dec/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Jeffrey Crawford |
[GRP-4529] regex validation does not work for gsh template password inputs Created: 07/Dec/22 Updated: 07/Dec/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
from alpha |
[GRP-4528] SubjectFinder() builder can only find one subject, not multiple Created: 05/Dec/22 Updated: 05/Dec/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
In the builder method for SubjectFinder, there is a findSubject() method, but no findSubjects() method. The use case for me is to get all subjects for a specific source, so I can loop through them.
|
[GRP-4526] if an exception occurs, check to see if the data is in the right state? Created: 03/Dec/22 Updated: 03/Dec/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | gruoperJiraProvisioner.txt |
[GRP-4520] add subject source restriction in membership requirements (e.g. only people) Created: 30/Nov/22 Updated: 30/Nov/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4519] Provisioning Framework - inability to provision custom attributes to bushy stems Created: 30/Nov/22 Updated: 30/Nov/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | provisioning |
Affects Version/s: | 2.6.16 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Robert Bradley | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified | ||
Environment: |
Grouper 2.6.16 with new Provisioning Framework. |
Description |
In Grouper 2.2.2 and the old Grouper PSP software, it was possible to provision custom attributes on bushy stems. For example, it was possible to set the displayName of a stem separately from the ou attribute in LDAP, along with setting other custom attributes (e.g. course codes or owning departments). We currently use these custom attributes for managing course groups in our VLE/LMS system. However, in the new Provisioning Framework and PSPNG, bushy stems are created as needed, but only with the objectClass and ou/RDN attributes. This means that if other attributes are required by the schema, the stem addition will fail. It would be useful if the new Provisioning Framework were expanded to allow attribute provisioning to stem objects in LDAP to allow for the addition of non-RDN/non-objectClass attributes to avoid such issues, and avoid the need for a custom reconciliation process to add the missing custom attributes. |
[GRP-4517] add group membership filter by subject source Created: 28/Nov/22 Updated: 28/Nov/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Drew Aschenbrener |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 28/Nov/22 ] |
Carey Black |
[GRP-4512] add view for jwt creds Created: 23/Nov/22 Updated: 23/Nov/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
example query for postgres
|
[GRP-4510] in ldap groups from attributes, if an extra attribute is a group attribute dont fail since multivalued is ok Created: 22/Nov/22 Updated: 22/Nov/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
java.lang.RuntimeException: java.lang.RuntimeException: Grouper LDAP loader only supports single valued group attributes at this point: eduPersonSchoolCollegeName, |
[GRP-4509] make sure recent memberships job incremental is making all necessary changes Created: 20/Nov/22 Updated: 20/Nov/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Liam Hoekenga Michael Gettes Liam Hoekenga Liam Hoekenga Liam Hoekenga Chris Hyzer @gettes Michael Gettes Liam Hoekenga Chris Hyzer |
[GRP-4508] upgrade ehache for cve on embedded jackson-databind Created: 19/Nov/22 Updated: 19/Nov/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
https://mvnrepository.com/artifact/org.ehcache/ehcache/3.10.6
verify that jackson is not inside anymore |
[GRP-4507] allow bushy group to be in base DN Created: 18/Nov/22 Updated: 18/Nov/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
throw new RuntimeException("Group's parent dn is the base dn!"); |
[GRP-4506] add compare methods for attributes in provisioning. Created: 18/Nov/22 Updated: 18/Nov/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Default to case sensitive. Have case insensitive there. Provisioners can add their own. LDAP provisioner should add a DN compare |
[GRP-4503] add incremental tests to example WS tests Created: 18/Nov/22 Updated: 18/Nov/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4502] provisioning membershipObjects should default to translation if there is a group and entity attribute Created: 18/Nov/22 Updated: 18/Nov/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
see example WS |
[GRP-4501] pull configuration defaults up a class in provisioner wizard configuration class Created: 18/Nov/22 Updated: 18/Nov/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
and update the example and all provisioners |
[GRP-4476] add unit test for grouper / midpoint with multi valued metadata Created: 10/Nov/22 Updated: 17/Nov/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | 2.6.19 |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4496] bad membership finder should remove invalid circular references from composites Created: 16/Nov/22 Updated: 16/Nov/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Shilen Patel (duke.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
From Joel, Should circular group membership references work when the complementary member groups are composites made from the "container" groups? I.e. |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 16/Nov/22 ] |
bad membership change log consumer should detect this too? |
[GRP-4478] add ability to remove an attribute via wizard. e.g. #3 of 5 Created: 11/Nov/22 Updated: 11/Nov/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 11/Nov/22 ] |
maybe move up or down or insert |
[GRP-4479] report viewers group combobox has trouble finding group by system name Created: 11/Nov/22 Updated: 11/Nov/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
see GTE 101.11 |
[GRP-4468] allow setting the idIndex of groups in UI if not conflict and below current index Created: 05/Nov/22 Updated: 05/Nov/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4459] allow enabled/disabled dates without time components Created: 02/Nov/22 Updated: 02/Nov/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Jeffrey Crawford |
[GRP-4458] enable partial full syncs in provisioner for large provisioners Created: 01/Nov/22 Updated: 01/Nov/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
e.g. in sql do this in batches |
[GRP-4396] ldap loaders should auto enable like sql (on create) Created: 30/Sep/22 Updated: 01/Nov/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 01/Nov/22 ] |
note i dont think sql loaders auto enable... |
[GRP-3119] daemon configuration for reports Created: 05/Feb/21 Updated: 01/Nov/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 1 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Issue Links: |
|
Description |
Do I need to worry about this? It comes up every time I go into the Daemon jobs..
|
[GRP-3682] change grouper report daemon names to be the system name not uuid Created: 03/Nov/21 Updated: 01/Nov/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Issue Links: |
|
Description |
grouper_report_6905452b5df74a778025ecfa15414864_8dce82492bed47be8e8a34d4bbd6d851 |
[GRP-4450] Provisioner metadata is readonly unless "can change" is true Created: 01/Nov/22 Updated: 01/Nov/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.6.16 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
When a provisioner has metadata, there is no way to set the value of it unless the "Metadata xxx: can change" is set to true |
[GRP-4445] SQL subject source should show form field for maxPageSize Created: 25/Oct/22 Updated: 25/Oct/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.5.40, 2.6.0 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4443] run harvard group of names add a large group, takes 20 minutes Created: 24/Oct/22 Updated: 24/Oct/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4439] Subject source adapters don't limit query to default limit when max results is blank Created: 22/Oct/22 Updated: 22/Oct/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API, UI |
Affects Version/s: | 2.5.41, 2.6.0 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
In the UI for the new sql subject adapter (GrouperJdbcSourceAdapter2_5), the field for Max results size has a description "Max results size. Default value is '100'". However, if the field is left blank, there is no limit of 100, and all records are returned. This applies to substring searches in the add member search box which looks up for every character typed after a pause, when the length is 2+. With a small search string, this could potentially return a large list of results. The workaround is to always put a value in this field, even if you want the value to be 100. The `subjectApi.source.genericSource.param.maxResults.value` does have a default of 100, but that may just for display. I don't see any source init functions that set the default as a fallback. |
Comments |
Comment by Chad Redman [ 22/Oct/22 ] | ||||||||||||||||
The suggested workaround of setting maxResults causes loader jobs to fail. This was the result when maxResults was set to 50 (I reformatted the sql for readbility):
(there are 180 of those ?'s) |
[GRP-4438] azure error on memberships (null pointer) Created: 22/Oct/22 Updated: 22/Oct/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
|
Comments |
Comment by Chris Hyzer (upenn.edu) [ 22/Oct/22 ] |
note, this stops the provisioner, does not register as error |
Comment by Chris Hyzer (upenn.edu) [ 22/Oct/22 ] |
user id is null arrayNode.add(GrouperUtil.stripLastSlashIfExists(resourceEndpoint) + "/directoryObjects/" + GrouperUtil.escapeUrlEncode(userId)); |
[GRP-4434] WS SCIM 2 to implement Bulk updates Created: 20/Oct/22 Updated: 20/Oct/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | WS |
Affects Version/s: | 2.6.17 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Not yet implemented in the WS SCIM service. Was not working in the Penn State implementation either; it gave an error:
|
[GRP-4436] WS SCIM 2 allow to enable/disable via configuration property Created: 20/Oct/22 Updated: 20/Oct/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | WS |
Affects Version/s: | 2.6.17 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Create a grouper-ws property that can turn off SCIM in the WS module if the user doesn't want a SCIM service. It's enabled from CommonServletContainerInitializer like WS is, so that code can just look at the property before adding the filter and servlet. |
[GRP-4435] WS SCIM 2 to implement PATCH method Created: 20/Oct/22 Updated: 20/Oct/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | WS |
Affects Version/s: | 2.6.17 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
The PATH http method is essential for membership updates via the group object. Without it, you can't add or delete individual members from a membership list, rather you need to pass back the whole membership list with just one entry changed. This was not working in the Penn State Scim implementation, the error was
|
[GRP-4433] WS SCIM 2 to implement /Schemas endpoint Created: 20/Oct/22 Updated: 20/Oct/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | WS |
Affects Version/s: | 2.6.17 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
The /Schemas endpoint hasn't yet been implemented in the WS Scim solution. It was not working in the Penn State implementation either (nested fields were referencing their parents, so the was an infinite loop that crashed the stack)
|
[GRP-4417] upgrade xmlsec Created: 10/Oct/22 Updated: 19/Oct/22 |
|
Status: | Reopened |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Comments |
Comment by Chad Redman [ 19/Oct/22 ] | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
Reverted, hibernate was not able to start
|
[GRP-4429] MembershipSave.save() doesn't return a membership on insert Created: 18/Oct/22 Updated: 18/Oct/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API |
Affects Version/s: | 2.5.43, 2.6.0 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
This should return the created membership. per the javadoc, "@return the membership that was updated or created or deleted". |
[GRP-4428] For SQL subject source, add option for search column to wildcard just the suffix Created: 18/Oct/22 Updated: 18/Oct/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | 2.5.40, 2.6.0 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
For new style SQL subject sources (GrouperJdbcSourceAdapter2_5), parameter lowerSearchCol is a wildcard search, appending '%' both before and after the search string. The wildcard prefix negates the effect of any indexes on the field, and it needs to do a full table scan to find substring matches. If there were an option to only add the '%' to the suffix of the string and not the prefix, it may perform better when the subject table is large. |
Comments |
Comment by Chad Redman [ 18/Oct/22 ] |
Actually, if this column is going to concatenate a few different values, it needs the prefix wildcard to find those. So maybe this isn't a request that makes sense. |
[GRP-4427] adjust mailNickname documentation to note the max length Created: 17/Oct/22 Updated: 17/Oct/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
maybe also set max length as a validation? Liam Hoekenga 4:14
|
[GRP-4425] provisioning edit provisionable if set provision to No, then it doesnt save (when previously provisionable) Created: 14/Oct/22 Updated: 14/Oct/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Vivek Sachdeva (google.com) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
the rest of screen should disappear too |
[GRP-4424] translate objects with default values Created: 14/Oct/22 Updated: 14/Oct/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
e.g. right now we need
|
[GRP-4423] provisioner exception Created: 14/Oct/22 Updated: 14/Oct/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | provisionerException.txt |
[GRP-4422] allow other system to remove memberships in provisioning Created: 13/Oct/22 Updated: 13/Oct/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
The only thing I can think of that we need in new provisioning at the moment is a bit more control of what happens when grouper wants to remove someone from a target group and the someone is no longer in the target. Gail Lift Chris Hyzer Gail Lift Chris Hyzer |
[GRP-4415] Add option to dump ddlScript output to stdout instead of a file Created: 10/Oct/22 Updated: 10/Oct/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API, gsh |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
When needing to run a registry check with
If stdout is a problem due to being to much output which prevents it from being captured, it may be advantageous to rewrite this to log the output using log4j, and then the user will have the ability to set appenders as needed. |
[GRP-4412] do not query ldap_dn attribute in ldap filters Created: 07/Oct/22 Updated: 07/Oct/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4411] Grouper Version Upgrade 2.6.16.2 Created: 07/Oct/22 Updated: 07/Oct/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Task | Priority: | Minor |
Reporter: | Andrew Aschenbrener | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4410] Allow option to not show subject attribute friendly description for names Created: 06/Oct/22 Updated: 06/Oct/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.6.16 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Example: The subjectId is the opaque unchanging ID of the entity This is the entity attribute: preferred_email The entity attribute 'name' is the first and last name of the entity The 'description' attribute differentiates entities with the same name
This is new UI behavior for 2.6.16, and may not be desirable for all institutions |
[GRP-4404] configure import file or copy paste submit does not do anything... Created: 05/Oct/22 Updated: 05/Oct/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4403] ldap provisioner with default member does not get removed Created: 05/Oct/22 Updated: 05/Oct/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
the default member gets added and then it doesnt get removed when other members are there. |
[GRP-4400] loader subjob entries should be capped at 100 Created: 03/Oct/22 Updated: 03/Oct/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Paul Rubenis: Any reason that any loader jobs that are creating subfolders need to spam the grouper_loader_log table with so many entries? In our case, a couple loader jobs are running 3-4x per hour and creating 10s of thousands of sub folders..which end up creating 100s of thousands of db table entries in grouper_loader_log...In just 14 days that ends up being over 9M+ rows in that table... AND the daemon loader view apparently needs to read that entire table (or vast portions of it) in order to actually display the view for daemon loader jobs... (edited) |
[GRP-4399] data fixer daemon should make sure no group has the same name as another alternate name Created: 01/Oct/22 Updated: 01/Oct/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4398] dont allow changing subject source id in subject source wizard Created: 30/Sep/22 Updated: 30/Sep/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4394] Allow the UI list of Provisioners to be extended Created: 30/Sep/22 Updated: 30/Sep/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.6.16 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
The drop down list of provisioner types that can be created is a hard coded list of specific classes in ProvisioningConfiguration.provisionerConfigClassNames that is defined as final at Grouper startup. If an institution creates a custom provisioner, the classes can be supplied in a separate jar. But there isn't a way to extend the drop down list since it is sealed. Maybe something like this in grouper-ui.properties?
The provisioners would then appear after the built-in ones, in the order enumerated in the config. |
Comments |
Comment by Jonathan Johnson (unicon.net) [ 30/Sep/22 ] |
in 2.6.16, the `Set` is indeed `final`, but it's not unmodifiable. Elsewhere, I've set up an initializer that adds to the set, but it might be nice to add a standard/supported method to the class |
[GRP-4391] put limits on group size for provisioning Created: 27/Sep/22 Updated: 30/Sep/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Jonathon Taylor |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 30/Sep/22 ] |
@mchyzer
|
[GRP-4393] relieve or increase SQL size limit for loader jobs Created: 28/Sep/22 Updated: 28/Sep/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | daemon, UI |
Affects Version/s: | 2.6.16 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Michael Gettes (ufl.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
per slack conversation: |
[GRP-4390] if query too long for loader, should give error on UI before saving Created: 27/Sep/22 Updated: 27/Sep/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4389] abbreviate group display names on main page Created: 27/Sep/22 Updated: 27/Sep/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | screenshot-1.png |
[GRP-4387] Refactor or remove GrouperUtil.fileCopyExampleResourceIfNotExist() Created: 26/Sep/22 Updated: 26/Sep/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API |
Affects Version/s: | 2.5.0, 2.6.0 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Commit 8c081131 "get grouper ui dev env working" added a new method
The only place this is called is the first time GrouperUtil.getLog() is called by any class that does logging. It is called with parameters "log4j2.example.xml" and "log4j2.xml". The method itself checks whether log4j2.xml already exists before copying, which contradicts the purpose suggested by the "IfNotExist" method name. This is what causes the JUnit errors, since log4j2.xml is not packaged with the Grouper artifacts. Also, log4j2.example.xml is not packaged in the grouper jar. Since both the example and the target need to already exist as files in the filesystem for a successful startup, the fileCopyExampleResourceIfNotExist() method is pretty much superfluous. A normal Grouper startup already has a CheckConfig step to verify log4j2.xml exists. There is no danger of a container running while missing the file. I haven't yet figured out how log4j2.example.xml gets into the image. It's not packaged in the grouper jar, is not handled by the installer, and doesn't exist in the Git repo for the docker build. I must be missing something. |
[GRP-4386] add attestation where if not attested the group will be disabled Created: 23/Sep/22 Updated: 23/Sep/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
enable once attestation is done |
[GRP-4383] grouper provisioning null pointer when incremental adding a user (not in target) to a group that requires users to exist Created: 23/Sep/22 Updated: 23/Sep/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
|
[GRP-4382] fix this error message to mention caching on links Created: 23/Sep/22 Updated: 23/Sep/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
"Error: if you are using 'entity link' you must translate an entity attribute to a sync field (recommended) or have an entity link script (less likely)" |
[GRP-4379] change audit log to add start/end dates Created: 23/Sep/22 Updated: 23/Sep/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Added Sandra Johnson as a member of the Expelled 2023 (basis) group. |
[GRP-4378] audit log says someone added even if the start date is in the future Created: 23/Sep/22 Updated: 23/Sep/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Added Johnny Jimenez as a member of the testGroup group. |
[GRP-4371] Refactor session initializer to remove resources/init/*.properties Created: 21/Sep/22 Updated: 21/Sep/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | 2.2.0 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Since 2.2, localization is configured in grouper.text.bundle.* properties in either grouper-ui.properties (2.2->2.4p54) or grouper.properties (2.4p55+). But the SessionInitialiser class is still looking at and setting a session variable based on grouper-ui configuration files resources/init.properties and resources/grouper/init.properties. Those session values don't appear to be doing anything during some light testing. In fact, you can't override the values anyway, since they are packaged in the grouper-ui jar. They do seem to be harmless, but it would be nice to refactor that class to not deal with those property files, and then remove them from the jar.
|
[GRP-4368] Creation of Local Entity Failing when not user in sysadmingroup Created: 21/Sep/22 Updated: 21/Sep/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.6.10 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Jonathan Keller (ucdavis.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | grouper_local_entity_create_stack_trace.txt |
Description |
Creation of a local entity in a folder seems to be failing due to the system attempting to assign permissions to the entity which are not allowed by the user creating the entity. The user has Admin privs on the folder (inherited) that the entity is being created in. There are no explicit permissions being assigned to these entities as far as we can tell, so we are a bit at a loss as to which permissions are triggering this error. Users in the sysadmingroup do not have this issue. I'm attaching the stack trace which is logged when this happens. The UI returns the usual message related to the Hibernate transaction being closed. |
[GRP-4362] Provisioning Framework is provisioning entities that exist in Grouper but not Target Created: 21/Sep/22 Updated: 21/Sep/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Major |
Reporter: | Alpha Sanneh | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified | ||
Environment: |
OpenLDAP |
Description |
We have encountered a bug in the Provisioning Framework whereby if an entity exists in grouper but not in the target (i.e. OpenLDAP) grouper will insert the entity in a provisionable group. This is a critical bug because grouper is not the entity source so should never add one if it does not exist in the target. Our production Grouper v2.6.8 and we plan to upgrade to v2.6.15.1 within the next two weeks. We have tested this in our stage environment which is running v2.6.15 and it the issue persists |
[GRP-4171] Subject change daemon Created: 22/Jul/22 Updated: 16/Sep/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API |
Affects Version/s: | None |
Fix Version/s: | 2.6.11 |
Type: | Improvement | Priority: | Minor |
Reporter: | Shilen Patel (duke.edu) | Assignee: | Shilen Patel (duke.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
https://spaces.at.internet2.edu/display/Grouper/Subject+change+daemon |
Comments |
Comment by Shilen Patel (duke.edu) [ 16/Sep/22 ] |
Waiting on entity recalc to work... |
[GRP-4358] remove jsonlib and replace with jackson Created: 16/Sep/22 Updated: 16/Sep/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Shilen Patel (duke.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
note there are helper methods in GrouperUtil.jsonJackson... |
[GRP-4357] add start/end date to member export of group Created: 16/Sep/22 Updated: 16/Sep/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4355] maven checkstyle shouldn't warn on missing javadoc on private fields/methods Created: 16/Sep/22 Updated: 16/Sep/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | 2.5.0 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chad Redman |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
It's complaining about private methods and fields. What is the coding standard? I assume it's optional, but do we want checkstyle warning about it? |
[GRP-4352] loader should add before remove Created: 14/Sep/22 Updated: 14/Sep/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
We're looking to provide a seamless transition from "current summer student, future fall student" to "past summer student, current fall student" on the term changeover boundary. A simplified scenario is below, with (A), (B), and (C) standing in for Group UUIDs. Before fall semester start, a student might be members of the following groups; (C) is a populated by the loader, looking for Current groups: (A) Current Summer Students in L&S To reduce processing churn, we pause processing in Grouper and run a script after midnight on the first day of fall semester to rename the groups, which results in these memberships for the user: (A) Past Summer Students in L&S When we turn the loader back on, because deletes happen first, (A) is removed from (C) before (B) is added, so the user loses all the memberships / eligibility granted to All Current Students. These m |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 14/Sep/22 ] |
for one subject, do adds/deletes in one transaction if the number of work is under a certain amount |
Comment by Chris Hyzer (upenn.edu) [ 14/Sep/22 ] |
have options to order adds/deletes or deletes/adds |
Comment by Chris Hyzer (upenn.edu) [ 14/Sep/22 ] |
change default behavior? |
[GRP-4349] new local entity screen should have "entity id" not "group id" Created: 13/Sep/22 Updated: 13/Sep/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4348] add view for change log temp Created: 13/Sep/22 Updated: 13/Sep/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
CREATE OR REPLACE VIEW penngrouper.grouper_change_log_entry_tmp_v |
[GRP-4345] WsGetGroupsLiteResult with no found groups should return empty list Created: 12/Sep/22 Updated: 12/Sep/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | WS |
Affects Version/s: | 1.3.0 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
When no groups are found, it is missing the wsGroups node, which means callers may need to do an extra for null or get a null pointer exception. |
[GRP-4342] Create GrouperUtil.join() method that works on Collections Created: 07/Sep/22 Updated: 07/Sep/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API |
Affects Version/s: | 1.4.0 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
There are currently a few different GrouperUtil methods for joining to return a delimited string. All work with either an iterator or an array. The iterator version can be used for Set objects, but the caller needs to check for a null Set before getting its iterator. If there were a version taking in a Collection object instead of an iterator, it could do the null check in the method (returning null?) so the caller doesn't need to do it. This would be particularly useful in jexl calls where results can't be saved to temporary variables, so lookups need to be done twice.
E.g., Now (subject.getAttributeValues called twice)
Proposed:
|
[GRP-4339] grouper loader should remove memberships from groups instead of delete groups as an option Created: 07/Sep/22 Updated: 07/Sep/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4337] GroupFinder builder missing method for assignIdIndexes() and addIdIndex() Created: 06/Sep/22 Updated: 06/Sep/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | 2.2.0 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Searching for a group by its idIndex can only be done using the GroupFinder.findByIdIndexSecure(Long). If you want to use the new builder pattern, there isn't a chained method to set the idIndex or multiple idIndexes to search on. |
[GRP-4330] Make ChangeLog Consumer queue/backlog size available via web request Created: 01/Sep/22 Updated: 01/Sep/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | John Gasper III | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
It would be great if the ChangeLog Consumer backlog/queue count was available via a web query like it is on the Daemon Extended Log page. I'm not sure if this could be a SOAP/REST request or just part of the status page dump.
Either, the desired outcome is that external processes can monitor the queue size (without having to create db accounts/permissions/calculations, etc) and doing things with that info, like alerting or programmatically make decisions like when importing 25K records into a group, slowing down or temporarily suspending the process if specific CLC's queue gets too long. (Carey had a larger wishlist at https://internet2.slack.com/archives/C7V0UQDJ4/p1662055948632379?thread_ts=1662051345.455219&cid=C7V0UQDJ4) |
[GRP-4063] gsh template add a "warning" output status Created: 02/Jun/22 Updated: 31/Aug/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.6.8 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman (unc.edu) | Assignee: | Chad Redman |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
I don't know if we can make just those lines yellow, or if the whole div needs to be yellow. IIRC these statuses are magic string values. It would be good to have an enum version of these too, which would make it more "Java-like".
|
[GRP-4326] flat ldap dn should be there Created: 30/Aug/22 Updated: 30/Aug/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
|
Comments |
Comment by Chris Hyzer (upenn.edu) [ 30/Aug/22 ] |
log all objects verbose did not log here |
[GRP-4321] add confirm popup for enabled/disable/delete on daemon jobs... Created: 29/Aug/22 Updated: 29/Aug/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4319] add target object cache to grouper provisioning Created: 28/Aug/22 Updated: 28/Aug/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4253] ldap provisioner: starts with: flat provisioning, name: flatReverseNameLimit64 - fail Created: 03/Aug/22 Updated: 20/Aug/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 20/Aug/22 ] | ||||
|
[GRP-4304] add servername to apache configs in container Created: 17/Aug/22 Updated: 17/Aug/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Reply… Also send to incommon-grouper incommon-grouper Benjamin Rappleyea Show 3 more replies Benjamin Rappleyea
Listen 8443 https RewriteEngine on SSLEngine on SSLCertificateFile /path/to/file.cert SSLCertificateKeyFile /path/to/file.key
Benjamin Rappleyea Chris Hyzer Chris Hyzer |
[GRP-4301] update shib from image in grouper Created: 17/Aug/22 Updated: 17/Aug/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
3.3.0_06242022 |
[GRP-4299] Provisioning Framework should produce "Audit data" about what it does to external systems. Created: 17/Aug/22 Updated: 17/Aug/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API |
Affects Version/s: | 2.5.0, 2.6.0 |
Fix Version/s: | None |
Type: | Bug | Priority: | Major |
Reporter: | Carey Black | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
In a similar manor to Audit data for a user, "system operations" ( like the Provisioning Framework ) should also document/audit the work. It should be done in a consistent manor with those kinds of events caused by the system as those does in the system. It would allow for a map of "User did 'x' in Grouper" to 'provision(s) did 'Y' in external system(s)'. With out the visibility in the Grouper Audit information then it become very challenging, ( if not impossible ) to later look back and know why something was done in an external system. |
[GRP-4297] add manager role to provisioner to do things other than assign provisioning Created: 17/Aug/22 Updated: 17/Aug/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4281] Grouper Report - ad last_index_reserved to OVERALL Created: 12/Aug/22 Updated: 12/Aug/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | reporting |
Affects Version/s: | 2.6.14 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Michael Gettes (ufl.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Please add the various last_index_reserved values from grouper_table_index to the OVERALL section of the Grouper Report so we can keep track of values to prevent collisions with other systems. |
[GRP-4280] integrate with google analytics Created: 11/Aug/22 Updated: 11/Aug/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
jasonrap Chris Hyzer jasonrap Chris Hyzer jasonrap Chris Hyzer jasonrap |
[GRP-4269] ws.diagnostics.minutesSinceLastSuccess improvement Created: 08/Aug/22 Updated: 08/Aug/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | WS |
Affects Version/s: | 2.6.13 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Michael Gettes (ufl.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 1 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
From SLACK: Good morning Groupies: for status monitoring I’d like to do a little less configuring to limit mistakes. I have a naming convention for various daemon jobs. Example: OTHER_JOB_prov_* — I’d like to be able to specify just the “prefix” name in ws.diagnostics something like “ws.diagnostic.minutesSinceLastSuccess.loader_OTHER_JOB_prov_ = 90". So, if there is not an exact match on the lastSuccess then see if there is a prefix match. Then as I add provisioners I won’t default to 1440 minutes. If this is possible (and hopefully others want it) I am happy to submit a jira. and… if it is possible to allow for % in the job name for “like” matching then I could do even more! |
[GRP-4256] provisioning change in cached entity DN in group attributes error retry Created: 04/Aug/22 Updated: 04/Aug/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
|
[GRP-4251] entity recalc by message not working Created: 03/Aug/22 Updated: 03/Aug/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
from shilen over slack |
[GRP-4245] update documentation for group attribute edit Created: 03/Aug/22 Updated: 03/Aug/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
I tried following the demo at https://spaces.at.internet2.edu/display/Grouper/Grouper+attribute+framework+attributes+editable+in+group+edit+screen and I couldn’t get it to work. I found that the keys in the example grouper.properties are not what the code is expecting. The example has these: |
[GRP-4244] add deepEquals() method to remove groups/entities/memberships retrieved from dao in case there are dupes Created: 02/Aug/22 Updated: 02/Aug/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4233] v2.6.13 Unable to turn off provisioning for a provisioner configured as DN Override only Created: 01/Aug/22 Updated: 01/Aug/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | provisioning |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Aimee Lahann (umich.edu) | Assignee: | Vivek Sachdeva |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified | ||
Environment: |
2.6.13 |
Attachments: | Screen Shot 2022-08-01 at 9.36.56 AM.png |
Description |
I am unable to turn provisioning off on a group provisioned by a DN Override only provisioner (LDAP_MCOMM_UserGroups.) I am getting the error message "Group DN override is required" See pic. |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 01/Aug/22 ] |
note, you can remove the attribute assignment until this is fixed |
[GRP-4231] add immutable id to search for entities in azure provisioning Created: 29/Jul/22 Updated: 29/Jul/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4218] RabbitMQ configuring password.elconfig via grouper.messaging doesn't work Created: 28/Jul/22 Updated: 28/Jul/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | grouperClient, messaging |
Affects Version/s: | 2.6.13 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Michael Gettes (ufl.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified | ||
Environment: |
docker |
Description |
Configuring for RabbitMQ using the grouper.messaging .password works but .password.elConfig does not. See below. While I am reporting this on 2.6.13 I think this has been an issue for some time - just getting around to reporting it. grouper.messaging.system.rabbitmqSystem.password.elConfig = ${java.lang.System.getenv().get('RABBITMQ_PASSWORD_FILE') != null ? org.apache.commons.io.FileUtils.readFileToString(new("java.io.File", java.lang.System.getenv().get('RABBITMQ_PASSWORD_FILE')), "utf-8") : java.lang.System.getenv().get('RABBITMQ_PASSWORD') } |
[GRP-4216] duo incremental daemon throws errors Created: 28/Jul/22 Updated: 28/Jul/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Andrew Costa |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 28/Jul/22 ] | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Comment by Chris Hyzer (upenn.edu) [ 28/Jul/22 ] | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
[GRP-4177] on group provisioning screen should be able to pull drop down next to provisioner and edit Created: 22/Jul/22 Updated: 22/Jul/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4173] for azure provisioning, allow a metadata with drop down to pick a group to be the owner list in azure Created: 22/Jul/22 Updated: 22/Jul/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4170] Create rule to copy newly added member to another group Created: 22/Jul/22 Updated: 22/Jul/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API |
Affects Version/s: | 1.6.4 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman (unc.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
We have a need to listen to groups in a specific folder, and when a member is added to one of those groups, add it to another target group (possibly outside that stem). There won't be a rule for deleting members, so the effect is to create an accumulation of anyone ever added to the folder. This is the opposite of the capability that is in the flattenedMembershipAddInFolder rule. For that rule, the Then action acts on the group that triggered it (to send an email, etc). There isn't a Then rule to add that member to another group (is there?). |
[GRP-4166] Attribute framework should use database constraints to ensure single assign attributes aren't multi assigned Created: 20/Jul/22 Updated: 20/Jul/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Shilen Patel (duke.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4164] add auditWs to grouper client help text Created: 19/Jul/22 Updated: 19/Jul/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4093] document entity attribute value cache config is below group config Created: 10/Jun/22 Updated: 19/Jul/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Comments |
Comment by Vivek Sachdeva (google.com) [ 19/Jul/22 ] |
Add anchors for each element in the wizard and link from one to the other. |
[GRP-4163] taglib errors in WS Created: 18/Jul/22 Updated: 18/Jul/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Andrew Costa
12 replies Chris Hyzer Andrew Costa Chad Redman
Andrew Costa Andrew Costa Andrew Costa Chris Hyzer Chris Hyzer Andrew Costa Andrew Costa Andrew Costa Chris Hyzer |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 18/Jul/22 ] |
make sure servlets not mapped? not sure what is calling a JSP that tries to load a custom tag |
Comment by Chris Hyzer (upenn.edu) [ 18/Jul/22 ] |
maybe remove all jsps? |
[GRP-4161] GroupAnyAttributeFilter() matches partial group names as well as attribute values Created: 15/Jul/22 Updated: 15/Jul/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API |
Affects Version/s: | 1.5.0 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chad Redman (unc.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
It looks like this was introduced in 1.5.0. it's not just matching on the group name, but the display name too.
Can this be changed to just query attributes and not the group names? If I want to act on the resulting set of groups and do something with the attribute, I don't want to get groups that don't actually have the attribute. |
[GRP-4158] validate provisioning azure (and others) that required fields are configured for various CRUD Created: 13/Jul/22 Updated: 13/Jul/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4152] Allow assignments only on group Created: 12/Jul/22 Updated: 12/Jul/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Vivek Sachdeva |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
we need an option under "assigning provisioning" called "Allow assignments only on groups" Description: If folders should not be able to be marked as provisionable, e.g. if there is metadata on groups which is required Note, if this is false, and there is a required metadata only assignable on groups, then also do not allow provisioning on folders. This can be tests on an "only DN" LDAP provisioner |
[GRP-4151] dn override "start with" Created: 12/Jul/22 Updated: 12/Jul/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4150] Export of loader job won't import Created: 11/Jul/22 Updated: 11/Jul/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | gsh |
Affects Version/s: | 2.6.9a |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Michael Gettes (ufl.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified | ||
Environment: |
2.6.9 latest containers |
Description |
See https://internet2.slack.com/archives/C7V0UQDJ4/p1657571863131669 The last comment is: I'll attach the script which fails.
|
[GRP-4147] dont fail provisioning if there are subject problems (e.g. resolution) Created: 06/Jul/22 Updated: 06/Jul/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4129] mail.smtp.grouperEmailContentType values not supported for "Grouper report" email ( and likely other standard emails) Created: 29/Jun/22 Updated: 29/Jun/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Carey Black | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
When setting The daily "Grouper report" email ( and likely other standard emails) no longer wrap lines properly. Already has some "odd" logic trying to fix "line endings" based on the start of the body having "<HTML>", but it appears to be flawed / lacking. Perhaps the behavior should be controlled only based on mail.smtp.grouperEmailContentType settings? ( if contains "text/html" then sub \r\n with "</br>" instead of looking at the starting string of the body? ) Or |
[GRP-4125] Rule membershipAdd does not work for members previously expired Created: 27/Jun/22 Updated: 27/Jun/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API |
Affects Version/s: | 2.5.59 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chad Redman (unc.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 1 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Steps to reproduce 1) Add a rule to a group
2) Add a member
|
[GRP-4124] problem with multiple rules on the same group Created: 18/Jun/22 Updated: 18/Jun/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Jeffrey Crawford 4 days ago Chris Hyzer 4 days ago Jeffrey Crawford 3 days ago Jeffrey Crawford 3 days ago Jeffrey Crawford 3 days ago Chris Hyzer 3 days ago Jeffrey Crawford 3 days ago Jeffrey Crawford 3 days ago Jeffrey Crawford 3 days ago Jeffrey Crawford 3 days ago Jeffrey Crawford 3 days ago
Chris Hyzer 2 days ago Jeffrey Crawford 2 days ago Chris Hyzer 1 day ago Jeffrey Crawford 3 hours ago Chris Hyzer < 1 minute ago |
[GRP-4123] grouper should complain if multiple groups have the same overrideDN for the same provisioning target Created: 17/Jun/22 Updated: 17/Jun/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Liam Hoekenga (umich.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | image-2022-06-17-17-15-05-155.png image-2022-06-17-17-15-25-159.png |
Description |
I think that grouper should complain if a single provisioner has multiple groups (actively being provisioned) that specify the same override DN
Maybe something along the lines of this error... |
Comments |
Comment by Liam Hoekenga (umich.edu) [ 17/Jun/22 ] |
Grouper let us specify two groups with the same override DN (cn=GrouperTest,ou=User Groups,ou=Groups,dc=umich,dc=edu), and the provisioner didn't complain, though it also didn't do the right thing. |
[GRP-4122] if matching id is retrieved from target (e.g. dn, or uuid), then it should create before through required error Created: 17/Jun/22 Updated: 17/Jun/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4120] grouper provisioner entity attribute value cache auto-USDU Created: 16/Jun/22 Updated: 16/Jun/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | 2.6.9 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Liam Hoekenga (umich.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
In the 2.6.9+ provisioner, whether “Entity attribute value cache 2 auto-USDU” is displayed seems to be tied to the “Use entity attribute value cache 1" toggle, not the “Use entity attribute value cache 2” toggle. |
[GRP-4119] provisioning activity log not decompressing log messages Created: 16/Jun/22 Updated: 16/Jun/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | 2.6.8, 2.6.9, 2.6.9a |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Liam Hoekenga (umich.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | image-2022-06-16-15-27-11-744.png |
Description |
Grouper started zipping provisioner error messages to try to get around Oracle's 4000 character varchar2 limit.
Grouper does not seem to uncompress them reliably.
|
[GRP-3485] Script from gsh export fail with dollar in attribute value Created: 28/May/21 Updated: 15/Jun/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API |
Affects Version/s: | 2.5.46 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Yoann Delattre | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 1 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
If i export groups with export to gsh and these groups have an attribute value with a dollar sign, i get an error when i run the gsh result script :
If I escape all dollars, it works. |
Comments |
Comment by Dominique Petitpierre [ 15/Jun/22 ] |
The bug is still there in Grouper version 2.6.8. For me it occured in a loader configuration SQL query value that contains a regex: e.g. This causes a similar IllegalArgumentException error when the exported script is run. Question:
|
[GRP-4115] flat group attributes ldap membershipDN provisioner error on add member diagnostics Created: 15/Jun/22 Updated: 15/Jun/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | image-2022-06-15-12-33-00-387.png |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 15/Jun/22 ] |
|
[GRP-4106] make the sql provisioner transctional Created: 12/Jun/22 Updated: 12/Jun/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4101] change log to change log temp export from new grouper, change to every 15, and two entries Created: 10/Jun/22 Updated: 10/Jun/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4100] add entity to group in config should make it default in diagnostics Created: 10/Jun/22 Updated: 10/Jun/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4096] review diagnostics dao stuff if allowed to delete Created: 10/Jun/22 Updated: 10/Jun/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4092] document ldap_dn for provisioning Created: 10/Jun/22 Updated: 10/Jun/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4091] document search filters for groups and entities in ldap provisioning Created: 10/Jun/22 Updated: 10/Jun/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4089] clarify membership attribute in provisioning Created: 10/Jun/22 Updated: 10/Jun/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4079] folder create and privs not showing in folder audits Created: 09/Jun/22 Updated: 09/Jun/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 09/Jun/22 ] |
Comment by Chris Hyzer (upenn.edu) [ 09/Jun/22 ] |
Drew Aschenbrener 1 hour ago |
[GRP-4084] if a membership add happens in group, it should not count as an update in the daemon counts Created: 09/Jun/22 Updated: 09/Jun/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4082] entitlement by group provisioner lists update count when not Created: 09/Jun/22 Updated: 09/Jun/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4081] entity attributes with group name does not fill in membership value Created: 09/Jun/22 Updated: 09/Jun/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4078] convert messaging endpoints to be external systems Created: 09/Jun/22 Updated: 09/Jun/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4077] add elfilter to messaging changelog consumer screen Created: 08/Jun/22 Updated: 08/Jun/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
This is an example from ESB changeLog.consumer.messagingEsb.elfilter |
[GRP-4056] "Export configuration file" only exports DB properties without any indication Created: 26/May/22 Updated: 08/Jun/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.5.34, 2.6.0 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman (unc.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Under Miscellaneous->Configuration, the option under Config actions to "Export configuration file" is really only exporting properties that are defined in the database. There is no indication that is what it is doing. It isn't intuitive, since it's not exporting what the user sees on the screen, which is the overlay of the entire hierarchy. It's also not acting on any Source type filter (e.g. non-base) or string filter, and it isn't intuitive that they will be ignored.
|
Comments |
Comment by Chris Hyzer (upenn.edu) [ 08/Jun/22 ] |
maybe add more options or have descriptive error message if nothing there to export |
[GRP-4075] allow configuration in ldap to truncate part of the group name Created: 08/Jun/22 Updated: 08/Jun/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 08/Jun/22 ] |
maybe multiple? |
[GRP-4074] look at provisioning screen to see why lots of logs slows down Created: 08/Jun/22 Updated: 08/Jun/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4073] an update to a group membership in provisioning without recalc causes an update to the group attributes Created: 08/Jun/22 Updated: 08/Jun/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4072] Add loader configuration to the OSGI services Created: 08/Jun/22 Updated: 08/Jun/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Jonathan Johnson (unicon.net) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Currently, several configurations are available as OSGI services. Add the loader configuration to allow its use within other OSGI services |
[GRP-4027] provision to target where user previous existed then is removed (membertoid2) Created: 06/May/22 Updated: 08/Jun/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
from gail "I'm looking back at the conversation that started on Jan 28 about how the new ldap provisioner handles the case of an entity that was previously found in the target (in membertoId2), but has since been deleted or moved. Full provisioner is not handling that,or ldaptive is not returning a useful error" |
Comments |
Comment by Bruce Timberlake [ 08/Jun/22 ] |
It would be helpful to have the provisioner write a log line with details (at least date/time, provisioner, and entity being attempted) for each failed attempt when it can't provision someone. That way, Splunk or other log aggregating services can easily find and report on the issue. |
[GRP-4059] pspng null pointer in log and setup test Created: 27/May/22 Updated: 07/Jun/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | 2.5.61, 2.6.10 |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
pspng should test connection with the connection test dn and filter if there and logging should not have a NPE |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 27/May/22 ] | |||||||||||||||||||||||||||||||
|
[GRP-3923] Duo - Provision user accounts Created: 08/Mar/22 Updated: 07/Jun/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | duo |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Ryan Rumbaugh | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | duo-user-account-1.patch |
Description |
The University of Nebraska has modified the grouper-duo provisioner to create new Duo accounts for the past few years. Typically Grouper stays out of the business of creating accounts and instead focuses on groups and memberships, but in our case it has proven to be invaluable. With our two-factor policies in Grouper using it to provision the Duo account, once the user is in the appropriate access policy, forces the user to enroll their device when they initiate their next SSO session. We could use our IdMS system, but using Grouper is more timely (no batch process or feeds required). Instead of maintaining the code ourselves we think this should be a configurable feature for the entire Grouper community. When we began our work there was no code to refer to, but now that the Duo provisioner supports creating admin accounts the class method (updateDuoUser) we built may be redundant. Attached is a Git patch that shows the changes we made – should be straightforward (I hope, I did have some challenges with the line endings). We included a new property in grouper-loader.properties to make it configurable. grouperDuo.provisionUsers = true |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 07/Jun/22 ] |
lets try this in 2.6.9 |
[GRP-4066] group update idindex should add a chnagelog entry Created: 06/Jun/22 Updated: 06/Jun/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Michael Gettes 7 minutes ago |
[GRP-4060] grouper smtp is enabled by default Created: 30/May/22 Updated: 30/May/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
it should only be enabled if host is filled in, do not default to localhost |
[GRP-4058] LDAP loader form missing option to schedule job Created: 26/May/22 Updated: 26/May/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.6.8 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman (unc.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | image-2022-05-26-18-57-23-341.png image-2022-05-26-18-57-34-417.png |
Description |
SQL Loader:
LDAP Loader:
|
[GRP-3895] Add GSH as a loader job type Created: 02/Mar/22 Updated: 25/May/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API, grouperLoader, UI |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Chad Redman (unc.edu) | Assignee: | Chad Redman (unc.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
https://spaces.at.internet2.edu/display/Grouper/Grouper+-+Loader+GSH
A GSH job type will allow more kinds of sources in loader jobs. The script could be written to query a REST endpoint, a flat file, or a proprietary client-server interface, and then produce either a list of subjects (GSH_SIMPLE) or groups + subjects (GSH_GROUPS_LIST). The wiki proposes the subject and group resolution be done in the script rather than outputting then as strings. This is so that the script has total control, in case it needs to do more complex logic – e.g. custom display names or descriptions for groups, or dynamic source determination for subjects. Like gsh templates and reports, there will be specific variables passed into the script. GrouperSession and LoaderJobBean objects will be used like in the SQL and LDAP loader types, while a new GshLoaderJobResults object will hold the rows of the script results. for a GSH_SIMPLE job the rows will be Subjects, while for a GSH_GROUPS_LIST they will be Group + Subject tuples. It will not need a separate group query like the SQL loader does, because the script will be doing its own group creation as needed. |
Comments |
Comment by Chad Redman (unc.edu) [ 25/May/22 ] |
This will be tabled for now. There is a lot of duplicated base work, since there is no re-use of the attributes, form fields text config labels, or beans. Perhaps there will be a redesign of the loader in a future release so that there is more common infrastructure. In the meantime, creating an OTHER_JOB to run a gsh script (https://spaces.at.internet2.edu/pages/viewpage.action?pageId=166661325) should work just as well. You would just need to write your own group and membership sync. |
[GRP-4055] dont even try to do * in sql sync, it doesnt always do the right thing Created: 25/May/22 Updated: 25/May/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
i'm banging my head - 2.6.8 SQL sync from a view in Oracle to a postgres table. fullSyncFull - a primaryKey of emplid – all data is copied and it's quick BUT the emplid data is swapped with another column called empl_status. I have tried this a couple of times now and I get the same results. Michael Gettes 29 days ago Chris Hyzer 28 days ago Michael Gettes 28 days ago Michael Gettes 28 days ago |
[GRP-4053] attributeName in dijit combo box is one gear, not 3 Created: 25/May/22 Updated: 25/May/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.4.0, 2.5.0, 2.6.0 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chad Redman (unc.edu) | Assignee: | Chad Redman (unc.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | image-2022-05-25-01-31-48-957.png |
Description |
When searching for an attributeName in the combo box, the icon is one gear, not 3. It used to be a folder icon, before GRP-1780 changed both attribute defs and names to the same gear icon
|
[GRP-4052] member not found in ui should not error out Created: 24/May/22 Updated: 24/May/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
I'm seeing an error on some groups when accessed via the UI. In the UI, it refuses to display the group and displays: |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 24/May/22 ] | |||||||
| |||||||
Comment by Chris Hyzer (upenn.edu) [ 24/May/22 ] | |||||||
| |||||||
Comment by Chris Hyzer (upenn.edu) [ 24/May/22 ] | |||||||
note this occurred in an env with missing foreign keys |
[GRP-4050] remove this start with read only row if not real start with Created: 22/May/22 Updated: 22/May/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | image-2022-05-22-12-22-08-008.png |
Description |
|
[GRP-4048] move morphString to grouper.hibernate.properties and document that it is required Created: 19/May/22 Updated: 19/May/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4047] allow daemon jobs with underscores Created: 19/May/22 Updated: 19/May/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Marwan Shaher Today at 12:15 PM 4 replies Justin Robinson 2 hours ago Justin Robinson Marwan Shaher 2 hours ago Marwan Shaher 2 hours ago Justin Robinson 1 hour ago |
[GRP-4046] zoom duplicate user id Created: 19/May/22 Updated: 19/May/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
java.lang.RuntimeException: java.sql.BatchUpdateException: Batch entry 92 insert into grouper_prov_zoom_user ( config_id, member_id, id, email, first_name, last_name, type, pmi, timezone, verified, created_at, last_login_time, language, status, role_id ) values ( 'pennZoomProd', 'dde6bab7a', 'jZ4M4TexS', 'jenenn.edu', 'Jenna', '', 2.0, NULL, 'America/New_York', 1.0, NULL, NULL, NULL, 'active', NULL ) was aborted: ERROR: duplicate key value violates unique constraint "grouper_zoom_user_id_idx" |
[GRP-4045] grouper should require morph string at start up Created: 18/May/22 Updated: 18/May/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Scott Koranda 25 minutes ago
Chris Hyzer 1 minute ago |
[GRP-4044] google provisioning framework should sync the manager role of a group Created: 18/May/22 Updated: 18/May/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Jason Cho Today at 1:54 PM |
[GRP-4042] change add / replace / remove in group import to be a drop down with more documentation Created: 17/May/22 Updated: 17/May/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4041] add WS labels in UI for object fields Created: 17/May/22 Updated: 17/May/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
FROM
TO
|
[GRP-3218] new daemon to delete old logs from grouper_sync_log Created: 06/Mar/21 Updated: 16/May/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | 2.6.9 |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | image-2022-05-13-18-08-21-638.png |
Description |
this is for any functions that write to grouper_sync_log (e.g. new provisioning framework). This is not needed after 2.6.9 |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 06/Mar/21 ] | |||||
temp delete on postgres with:
| |||||
Comment by Chris Hyzer (upenn.edu) [ 13/May/22 ] | |||||
as a workaround you can add a script daemon to do this before 2.6.9 GSH script in daemon should be
Then delete this daemon when you upgrade to 2.6.9 |
[GRP-4039] non-Root with folder VIEW and ATTR_READ can't access attributes Created: 14/May/22 Updated: 15/May/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.6.8 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chad Redman (unc.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | GRP-4039-stemMoreActionsButtonContents.png |
Description |
For a non-root user, with the correct READ privileges on an attributeDef, and VIEW and ATTR_READ on a folder, the user can't see the attributes on the folder because the menu item isn't an option. See screenshot |
[GRP-4040] StemFinder and GroupFinder findByUuidOrName can't find when name has upper case letters Created: 15/May/22 Updated: 15/May/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API |
Affects Version/s: | 2.4.0.patch, 2.5.0, 2.6.0 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chad Redman (unc.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Part of the StemFinder code is converting the scope to lower case, but not making the field lower case when using it in the query. Also applies to GroupFinder. Introduced in grouper_2_4_0-a74-u44-w8-p11 and 2.5.0 |
[GRP-4038] Changes lost between incremental loader triggering full loader(s)? Created: 13/May/22 Updated: 13/May/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | grouperLoader |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Liam Hoekenga (umich.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
We've deployed an incremental loader based on the information found at... In our example,
We are losing transactions in the case where the incremental is running with a threshold of 100 and a large amount of transactions are processing. The incremental loader notes that there are transactions over the 100 threshold on the GROUPER_INCREMENTAL table and calls the full loader to take over. At that time, the full loader grabs the transactions that are there to process at that time. Meanwhile data is still processing through and queuing on GROUPER_INCREMENTAL table to be processed. At one minute increments, the incremental loader wakes up and checks the GROUPER_INCREMENTAL table and sees a batch of data to process again over the 100 threshold. The incremental loader tries to call the full loader. The full loader is already running. The incremental loader adds a time_completed to the GROUPER_INCREMENTAL and thinks it is good . Those new batches of changes do not get picked up because the first full loader is still processing its first 100+ changes from the first call. Additional full loader runs are NOT scheduled. This continues as long as there are enough transactions over the threshold for the incremental loader. The result is transactions after the incremental first calls the full loader to run are not processed but are marked complete. Annotated log.... Incremental loader activity from 9:01, removing 805 umichhr values, with annotations: grouper-daemon;grouper_error.log;${ENV};${USERTOKEN};2022-05-11T09:01:00,179: [DefaultQuartzScheduler_Worker-5] WARN GrouperLoaderIncrementalJob.runJob(327) - [] - Loader group etc:loader:umichhr__v has too many changes. Threshold=100. Changes=163. Marking incremental updates as complete and triggering full sync. Full run triggered, 2022-05-11 09:01:00.0 almost immediately issues sql query for all data, picking up ??? of the records meanwhile, data continues to arrive . . .
grouper-daemon;grouper_error.log;${ENV};${USERTOKEN};2022-05-11T09:02:00,404: [DefaultQuartzScheduler_Worker-8] WARN GrouperLoaderIncrementalJob.runJob(327) - [] - Loader group etc:loader:umichhr__v has too many changes. Threshold=100. Changes=164. Marking incremental updates as complete and triggering full sync. another full run is NOT successfully triggered; Grouper does not see most of these changes
grouper-daemon;grouper_error.log;${ENV};${USERTOKEN};2022-05-11T09:03:00,148: [DefaultQuartzScheduler_Worker-4] WARN GrouperLoaderIncrementalJob.runJob(327) - [] - Loader group etc:loader:umichhr__v has too many changes. Threshold=100. Changes=164. Marking incremental updates as complete and triggering full sync. another full run is NOT successfully triggered; Grouper does not see these changes
grouper-daemon;grouper_error.log;${ENV};${USERTOKEN};2022-05-11T09:04:00,170: [DefaultQuartzScheduler_Worker-9] WARN GrouperLoaderIncrementalJob.runJob(327) - [] - Loader group etc:loader:umichhr__v has too many changes. Threshold=100. Changes=168. Marking incremental updates as complete and triggering full sync. another full run is NOT successfully triggered; Grouper does not see these changes
grouper-daemon;grouper_error.log;${ENV};${USERTOKEN};2022-05-11T09:05:00,363: [DefaultQuartzScheduler_Worker-3] WARN GrouperLoaderIncrementalJob.runJob(327) - [] - Loader group etc:loader:umichhr__v has too many changes. Threshold=100. Changes=145. Marking incremental updates as complete and triggering full sync. another full run is NOT successfully triggered; Grouper does not see these changes full run ends 2022-05-11 09:18:50.0, only the first 163 changes were processed |
Comments |
Comment by Liam Hoekenga (umich.edu) [ 13/May/22 ] |
Left on its own, the incremental isn't working for us if we allow it to hit its threshold. We can raise the threshold, but I'm not sure it would ever work for us based, based on our observations. |
Comment by Liam Hoekenga (umich.edu) [ 13/May/22 ] |
Is it safe that the incremental loader is running when a full loader runs? |
[GRP-4032] container httpd config error format is after the include Created: 10/May/22 Updated: 10/May/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
David Li 3:22 PM |
[GRP-4031] look at the introspection endpoint for OIDC Connect (e.g. UI authn) Created: 09/May/22 Updated: 09/May/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
look at the introspection endpoint for OIDC Connect |
[GRP-4030] make a template example to disable daemon jobs Created: 09/May/22 Updated: 09/May/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3703] provision groups without memberships to azure and get exception Created: 18/Nov/21 Updated: 09/May/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
|
Comments |
Comment by Chris Hyzer (upenn.edu) [ 09/May/22 ] |
Dec 8 2021 AI Chris add more info to GRP-3703, (provision groups without memberships to azure and get exception ), discussion Feb 16: what should happen when there is a validation. problem? Suggestion to add another flag. Tackle this in the next Grouper release. Other use cases : groups with no membership should be considered not provisionable, do this as a separate option , with a checkbox, Leave this as of March 2 2022, Hard to know if group has no memberships. Use a Validation error. Already keeping track in sync table? Chris will look at that…. Workflow of provisioner… making changes, if no value, it pops a value in there. Added a new validation type: required, non existent topic, length, invalid value, membership required but not there. |
[GRP-4029] clean up grouper image after removing log4j, so its not in the intermediate files on system scans Created: 09/May/22 Updated: 09/May/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
research the clean-up step after a Grouper sub image probe that removes broken files related to old LOG4J versions |
[GRP-4025] Removing recent membership config doesn't remove settings Created: 04/May/22 Updated: 04/May/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | 2.6.8 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Ben E Rappleyea | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | ui | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified | ||
Environment: |
OpenShift running grouper 2.6.8 |
Attachments: | image-2022-05-04-11-56-41-841.png |
Description |
When loader configuration is set initially to be "recent memberships" and saved. Attempts to remove this configuration via the UI fail. You are able to set it back to "No, doesn't have loader configuration" but when you save and then open again the result is that it is set back to "Yes, has loader configuration". This appears to coincide with what is in the database also.
|
[GRP-4023] in subject source config ldap the only option is subtree scope Created: 03/May/22 Updated: 03/May/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4022] add attestation report widget on home page Created: 03/May/22 Updated: 03/May/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4021] maybe have data owners as drop down and searchable groups by data owner Created: 03/May/22 Updated: 03/May/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4020] add zoom external system Created: 02/May/22 Updated: 02/May/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4019] refactor matching and search attribute configuration Created: 02/May/22 Updated: 02/May/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | 2.6.9 |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-4008] "Include current members" status in UI Created: 26/Apr/22 Updated: 29/Apr/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.6.8 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Ben E Rappleyea | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | ui | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified | ||
Environment: |
Red Hat Openshift containers of the Internet2 image 2.6.8 |
Attachments: | Demonstrating GRP-4008.mp4 image-2022-04-26-14-22-12-898.png image-2022-04-26-14-22-37-565.png |
Description |
When configuring the loader for a group it has been our experience that if you set the config in the UI to one thing the "view loader settings" option will show the opposite of what is selected in the "edit loader configuration" option.
|
Comments |
Comment by Ben E Rappleyea [ 29/Apr/22 ] |
Adding a video that might better explain what is occurring. I have confirmed, however, that this is not occurring at the DB level and appears to only be in the UI. |
[GRP-4012] Provisioner UI: Name field is set to drop down when the attribute name is EL-based. Created: 28/Apr/22 Updated: 28/Apr/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Major |
Reporter: | Jeffrey Williams (uncg.edu) | Assignee: | Vivek Sachdeva (google.com) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified | ||
Environment: |
Grouper 2.6.8 UI |
Description |
I've noticed, however, is that when I go to edit that provisioner now, the custom name of the attribute(even though I have it as an EL attribute), defaults back to its dropdown option and I have to re-enter the name each time. If you know an easy workaround for it, that'd be great. Seems to happen with "groupTypes" and "${'groupTypes'}" as values. |
[GRP-4009] per user trigger for USDU Created: 26/Apr/22 Updated: 26/Apr/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Liam Hoekenga (umich.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
As discussed in https://internet2.slack.com/archives/C7V0UQDJ4/p1643407164579049?thread_ts=1643399763.779279&cid=C7V0UQDJ4 Consider adding something to allow 3rd party to trigger usdu for a specific subject.
|
[GRP-4005] azure provisioner should limit which types of groups it can create/manage Created: 25/Apr/22 Updated: 25/Apr/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Only Microsoft 365 and security groups can be managed through the Microsoft Graph groups API. Mail-enabled and distribution groups are read-only through Microsoft Graph. |
[GRP-3998] provisioning azure metadata should be for groups or folders Created: 23/Apr/22 Updated: 23/Apr/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3997] azure provisioner group type metadata Created: 23/Apr/22 Updated: 23/Apr/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
for groups and folders values: unified, security, distributionGroup, securityMailEnabled, unifiedSecurityEnabled ${grouperProvisioningGroup.retrieveAttributeValueString('md_groupType') == 'unified' || grouperProvisioningGroup.retrieveAttributeValueString('md_groupType') == 'unifiedSecurityEnabled' || grouperProvisioningGroup.retrieveAttributeValueString('md_groupType') == 'distributionGroup' || grouperProvisioningGroup.retrieveAttributeValueString('md_groupType') == 'securityMailEnabled'} ${grouperUtil.contains(['unified', 'unifiedSecurityEnabled', 'distributionGroup', 'securityMailEnabled'], grouperProvisioningGroup.retrieveAttributeValueString('md_groupType'))} ${grouperProvisioningGroup.retrieveAttributeValueString('md_groupType') == 'unifiedSecurityEnabled' || grouperProvisioningGroup.retrieveAttributeValueString('md_groupType') == 'security' || grouperProvisioningGroup.retrieveAttributeValueString('md_groupType') == 'securityMailEnabled'} ${grouperUtil.contains(['unifiedSecurityEnabled', 'security', 'securityMailEnabled'], grouperProvisioningGroup.retrieveAttributeValueString('md_groupType'))} ${grouperProvisioningGroup.retrieveAttributeValueString('md_groupType') == 'unifiedSecurityEnabled' || grouperProvisioningGroup.retrieveAttributeValueString('md_groupType') == 'unified' } ${grouperUtil.contains(['unifiedSecurityEnabled', 'unified'], grouperProvisioningGroup.retrieveAttributeValueString('md_groupType'))} |
[GRP-3996] add group owners in azure provisioner Created: 23/Apr/22 Updated: 23/Apr/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
metadata to add group name to a provisionable group |
[GRP-3995] azure provisioner subject link exception Created: 23/Apr/22 Updated: 23/Apr/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
|
Comments |
Comment by Chris Hyzer (upenn.edu) [ 23/Apr/22 ] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
[GRP-3993] add unique contraints on provisioning tables e.g. group name Created: 23/Apr/22 Updated: 23/Apr/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3988] allow cte queries in loaders Created: 20/Apr/22 Updated: 20/Apr/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
jeffrey crawford: Just wanted to point out that I’m using a recursive CTE query for ATTR_SQL_SIMPLE. I noted in the past that SQL loader seems to have a sanity check that forces the beginning of the query to begin with “SELECT”, CTE’s begin with “WITH”. I’m just worried that someday it may be corrected and my query will break. Can we please note to allow CTE type queries going forward? |
[GRP-3986] add ruleIfConditionEnum aGroupInFolderHasImmediateEnabledMembership Created: 19/Apr/22 Updated: 19/Apr/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
for starrez, so an org change can trigger email if user has a membership in folder. also need to remove if not active from any group based on eligible group (employee?) |
[GRP-3985] provisioner test case with entitlements and display extension Created: 18/Apr/22 Updated: 18/Apr/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 18/Apr/22 ] | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
start with extension, change to display extension, try deletes too
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Comment by Chris Hyzer (upenn.edu) [ 18/Apr/22 ] | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
[GRP-3984] template folder label not externalized Created: 13/Apr/22 Updated: 13/Apr/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | 2.6.9 |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | image-2022-04-13-17-00-57-397.png |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 13/Apr/22 ] |
|
[GRP-3983] provisionable column does not match screen Created: 08/Apr/22 Updated: 08/Apr/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | image-2022-04-08-10-15-42-373.png |
Description |
|
[GRP-3982] reports: group to send report to should not be required Created: 05/Apr/22 Updated: 05/Apr/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
"Group id to send email to is a required field"
All the email fields should go away if not sending email |
[GRP-3981] Misnamed property for SQS secret key Created: 04/Apr/22 Updated: 04/Apr/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | grouperClient |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Scott Cantor (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
It appears as though the "built-in" settings in the GUI and in the default property examples for establishing an external system definition for a message queue contain a property of secretyKey instead of secretKey, which I assume is just a mistype. I'm not sure that the internals actually are wrong though, I think it may just show up incorrectly in the GUI (including not providing the means to set the right property when adding a new external system definition). We haven SQS CLC and it seems to work, but using the key in secretKey as one would expect. |
Comments |
Comment by Scott Cantor (osu.edu) [ 04/Apr/22 ] |
(This is true AFAIK in both 2.5 and 2.6.) |
[GRP-3164] Add container param to set static instrumentation uuid Created: 24/Feb/21 Updated: 02/Apr/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API |
Affects Version/s: | 2.5.42 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman (unc.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | image-2021-02-23-20-57-42-388.png |
Description |
Since moving to containers, the instrumentation uuid used to identify the host for metrics gets regenerated every time a new container is started. Since the list of hosts is keyed by this id, it makes the list of containers longer over time, needed to scroll a lot before seeing the graphs. The suspicion that this might happen was guessed at in The number of uuids can be reduced by being able to set it per container. So the UI in a certain environment would have one, WS in the same environment would have another, the UI in a different environment another, etc. This may not be enough, since there is another column "Server Label" which is the machine name. In OpenShift at least this gets a new name for every container, so fixing the uuid wouldn't reduce the number of rows. Maybe make the list collapsible so it doesn't take so much scrolling? Or put it after the graphs? |
Comments |
Comment by Chad Redman (unc.edu) [ 24/Feb/21 ] |
|
Comment by Chris Hyzer (upenn.edu) [ 24/Feb/21 ] |
so if I have 3 daemon nodes in prod, would they all have the same server label? I cant put a label in the container since it fargate and its the same image/config. Right? or maybe theres a script I could write to ask AWS if I am node 1, 2, or 3? |
Comment by Chad Redman (unc.edu) [ 01/Apr/22 ] |
Maybe we can think about the whole concept of the uuid? Instrumentation was designed before containers, when Grouper only ran on one or two servers. The random uuid was generated, saved to a local file, and remained as is forever. I don't know what is is useful for, other than to indicate a different instance of a container (which the server label is possibly already doing). That is really the problem – it's going to generate a new uuid every time the container starts, and it proliferates a new set of statistics for it, and will eventually affect performance. These are attribute assignments, not audit logs, and it isn't designed to store ever-increasing rows. My use case is for (a) batch jobs that run a one-off container, or (b) a UI container that may restart periodically. I don't care about differentiating the uuid, and I want to put a static value there so it can aggregate the data better. |
Comment by Chris Hyzer (upenn.edu) [ 02/Apr/22 ] |
remind me to discuss this at the next dev call |
[GRP-3980] provisioning: add option to not select all groups or memberships (e.g. azure) Created: 31/Mar/22 Updated: 31/Mar/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3979] if marked not provisionable in grouper, then delete from the target Created: 31/Mar/22 Updated: 31/Mar/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
not working at harvard. delete setting is "delete if not exist in grouper" |
[GRP-3978] provisioning, delete group, matching/search is extension, create same extension, error Created: 31/Mar/22 Updated: 31/Mar/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 31/Mar/22 ] | |||||||||||||||||
|
[GRP-3977] failsafe for too many adds Created: 30/Mar/22 Updated: 30/Mar/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Brett Bieber 2:08 PM |
[GRP-3969] provisioning: verify that "select all entities" false will not select all entities specifically in LDAP and SQL Created: 29/Mar/22 Updated: 29/Mar/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3968] ldap provisioning validation to see if the translated DN rdn value matches the RDN translation Created: 29/Mar/22 Updated: 29/Mar/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
e.g. there was a dn: uid=123,ou=whatever |
[GRP-3967] add and remove entity provisioning diagnostics defaults in config Created: 29/Mar/22 Updated: 29/Mar/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3956] add provisioning customizeMembershipAttributeCrud Created: 28/Mar/22 Updated: 29/Mar/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | 2.6.9 |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | image-2022-03-28-22-10-43-089.png |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 29/Mar/22 ] |
|
[GRP-3958] provisioning group show validation settings Created: 28/Mar/22 Updated: 28/Mar/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | 2.6.9 |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | image-2022-03-28-18-52-15-989.png image-2022-03-28-18-52-42-698.png |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 28/Mar/22 ] |
|
Comment by Chris Hyzer (upenn.edu) [ 28/Mar/22 ] |
|
[GRP-3950] fix deprecated "number of batches" methods Created: 26/Mar/22 Updated: 26/Mar/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
should pass in if there should be at least one returned |
[GRP-3945] dont make all files executable, only dirs Created: 22/Mar/22 Updated: 22/Mar/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | 2.6.9 |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Tames McTigue 3 hours ago
Tames McTigue 3 hours ago Tames McTigue 2 hours ago |
[GRP-3944] in provisioning, if not configured perhaps try to automatically decide if should select all entities based on count and configured threshold and other configs Created: 21/Mar/22 Updated: 21/Mar/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3943] provisioning diagnostics make easier to bootstrap Created: 18/Mar/22 Updated: 18/Mar/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Shilen Patel (duke.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
at the beginning of diagnostics
the result is you can configure the provisioner without adding a full or incremental and without marking the test group as provisionable, and the diagnostics will do its thing and tell you if your config is ok |
[GRP-3942] in provisioning if there are multiple records with the same matching id, just error those records Created: 18/Mar/22 Updated: 18/Mar/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
threshold? maybe only a small percentage? |
[GRP-3936] refactor provisioning tests to have fewer configuration sections Created: 16/Mar/22 Updated: 18/Mar/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | 2.6.9 |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 18/Mar/22 ] | ||
also instead of:
use this format:
this allows running a test and then reproducing or exporting config in ui |
[GRP-3941] provisioning take out attribute__ from values Created: 18/Mar/22 Updated: 18/Mar/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3940] refactor box provisioner to not use java box client Created: 18/Mar/22 Updated: 18/Mar/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3938] provisioning selectAllEntities should not have a default Created: 17/Mar/22 Updated: 17/Mar/22 |
|
Status: | Reopened |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | 2.6.9 |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
people should choose if they want to select all entities or not |
[GRP-3935] change grouperProvisioningGroupField to grouperProvisioningGroupAttribute Created: 16/Mar/22 Updated: 16/Mar/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | 2.6.9 |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3934] merge provisioning grouperProvisioningGroupField and groupSyncField Created: 16/Mar/22 Updated: 16/Mar/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3933] change from translateFromGrouperProvisioningGroupField to attribute (and other objects) Created: 16/Mar/22 Updated: 16/Mar/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | 2.6.9 |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3932] take out attribute__ from provisioning scriptlets Created: 16/Mar/22 Updated: 16/Mar/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | 2.6.9 |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 16/Mar/22 ] |
e.g. attribute_subjectSourceId, attribute_description |
[GRP-3931] change ldap DN from field name to attribute ldap_dn Created: 14/Mar/22 Updated: 14/Mar/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | 2.6.9 |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3929] logging env and usertoken do not work Created: 11/Mar/22 Updated: 11/Mar/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | 2.6.8 |
Fix Version/s: | 2.6.9 |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Joel Rettinger 4:37 PM |
[GRP-3928] gsh template should be able to have an optional drop down Created: 10/Mar/22 Updated: 10/Mar/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
'Run mode' is not valid. Valid values are 'audit, update'. |
[GRP-3897] User having read/update on a group should be able to see group names that are members even without view privilege on them Created: 02/Mar/22 Updated: 03/Mar/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API, UI |
Affects Version/s: | 2.6.8 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman (unc.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | image-2022-03-02-13-12-00-099.png |
Description |
If a user has READ + UPDATE on a group, and a group is a member of that group, but the user doesn't have READ or VIEW on that member group, they can see the members of that group indirectly, but not the group name itself. In the screenshot above, a user needs to attest the group, but can only see the indirect members, not the direct group member. They can't determine whether that group is appropriate in order to attest to it. Should it be assumed that if a user has read and update on a group, they should be able to see the names of member groups? This would probably affect the API and WS as well, not just the UI. The current behavior also affects visualization, where it shows the group having members, but doesn't include the source group that is the source of those members. |
Comments |
Comment by Chad Redman (unc.edu) [ 03/Mar/22 ] |
Since the group entry is hyperlinked, we will need to handle it somehow. Maybe not hyperlink it, possibly also add a note to the group name that it's not not readable?
|
[GRP-3896] cannot index a primary key in oracle Created: 02/Mar/22 Updated: 02/Mar/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Jeffrey Crawford 2 hours ago
Jeffrey Crawford 1 hour ago CREATE TABLE GROUPER_FAILSAFE |
[GRP-3888] load more actions in group in ajax only if needed Created: 01/Mar/22 Updated: 02/Mar/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | 2.6.9 |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3887] add performance logging on view group in ui Created: 01/Mar/22 Updated: 02/Mar/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | 2.6.9 |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3834] remove slf api v25 from maven Created: 18/Feb/22 Updated: 02/Mar/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | 2.6.9 |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chad Redman (unc.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Chad Redman 10:22 AM |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 18/Feb/22 ] | |||||||||||||||||||||||||||||
or change to v32
| |||||||||||||||||||||||||||||
Comment by Chad Redman (unc.edu) [ 18/Feb/22 ] | |||||||||||||||||||||||||||||
Maven sees the dependencies differently in the grouper (api) pom vs. the grouper-api-container pom, even though the latter should be inheriting the former's dependencies
So it seems to be a strange maven dependency issue with 2-level vs. 3-level deep dependencies.The pom for log4j-slf4j-impl itself does indeed depend on 1.7.25, per its pom at https://search.maven.org/artifact/org.apache.logging.log4j/log4j-slf4j-impl/2.17.1/jar:
The solution for the next Grouper version may be to revert to 1.7.25, to match the log4j-slf4j-impl transitive dependency. For now, since the jar difference is possibly only in the EventData api, we may be ok with both versions, and the java processes will just pick one and work ok |
[GRP-3886] error when editing templates Created: 01/Mar/22 Updated: 02/Mar/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | 2.6.9 |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Vivek Sachdeva (google.com) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
|
Comments |
Comment by Chris Hyzer (upenn.edu) [ 01/Mar/22 ] |
Chris Hyzer 1 hour ago
Scott Cantor 24 minutes ago Scott Cantor 15 minutes ago Scott Cantor 3 minutes ago Chris Hyzer < 1 minute ago Chris Hyzer < 1 minute ago |
[GRP-3875] groups are public read and view but users cannot see the folder Created: 01/Mar/22 Updated: 02/Mar/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | 2.6.9 |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3891] If there are too many errors then stop the provisioner Created: 01/Mar/22 Updated: 02/Mar/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | 2.6.9 |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Ben when I run a SQL table provisioner it immediately dumps about 75GB of data to /tmp/logpipe |
[GRP-3894] how to know when matching id is required... Created: 02/Mar/22 Updated: 02/Mar/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
for group attributes, you need groups if there is an entity link, then you need entities etc |
[GRP-3893] failsafe attribute not found Created: 01/Mar/22 Updated: 02/Mar/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
|
Comments |
Comment by Chris Hyzer (upenn.edu) [ 02/Mar/22 ] | |||
this needs to be removed grouper.properties (default is true in base config)
this needs to be removed from grouper-loader.properties (default is true in base config)
this should return no records. If it returns something, contact the grouper team
| |||
Comment by Chris Hyzer (upenn.edu) [ 02/Mar/22 ] | |||
Run this GSH to create loader types (should be automatic, but if not, then this might help)
|
[GRP-3892] add assignments on assignments to group edit attributes Created: 01/Mar/22 Updated: 01/Mar/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | 2.6.9 |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Vivek Sachdeva (google.com) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
|
Comments |
Comment by Chris Hyzer (upenn.edu) [ 01/Mar/22 ] |
I think we can do this solely from looking at attribute structure... but maybe we need configs to make it easier and more explicit? e.g. indentSize (default to zero, but accept 1 also). and showEl where you could put an expression and can eval that on submit? |
[GRP-3865] inherited privilege rule should be invalid if assigning admin to everyentity (daemon fails) Created: 26/Feb/22 Updated: 26/Feb/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
|
[GRP-3862] refactor env and usertoken in the container logs Created: 25/Feb/22 Updated: 25/Feb/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
just sub in file doesnt need env var |
[GRP-3850] make it easier to sync data from list of objects to SQL table Created: 24/Feb/22 Updated: 24/Feb/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
See the WS to SQL script daemon example |
[GRP-3849] Improve MembershipFinder api Created: 23/Feb/22 Updated: 23/Feb/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API |
Affects Version/s: | 2.6.7 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman (unc.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
There is not a way in gsh to find a subject's memberships in groups, in a way that is flexible and easy to use. Compared with the other chained finder classes, the MembershipFinder is much harder to use:
It's not easy to determine what needs to be set for various queries. For example, If I wanted to find all the groups under a stem where a user has the read privilege:
The Javadoc for assignScopeForGroup is "if paging for group, then also filter for member" which I don't understand. Why is paging necessary in order to filter? So how to add paging? Nothing matching addPag* or assignPag*. Maybe it's assignQueryOptionsForGroup(QueryOptions)? Again, the javadoc "query options for group. must include paging. if sorting then sort by group" mentions paging being required.
All this should be more intuitive. In the GroupFinder, you can set a stem scope, set fields or privileges, and set a subject to find. The results are a Set of groups. Unfortunately, it does not appear from the source code that it can filter on immediate memberships.
|
[GRP-3848] provisioning DAO can acknowledge object as whole, and any nulls in attribute action acks should be automatically filled in Created: 22/Feb/22 Updated: 22/Feb/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3846] change SQL provisioner to insert memberships when inserting groups/entities if groupAttributes/entityAttributes Created: 22/Feb/22 Updated: 22/Feb/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3845] provisioning if attribute is not select but is insert, then do not insert the attribute when updating the object (except for memberships) Created: 22/Feb/22 Updated: 22/Feb/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3837] counts for provisioning in loader log Created: 18/Feb/22 Updated: 18/Feb/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
CC: |
Chris Hubing (internet2.edu), Drew Aschenbrener (ufl.edu)
|
Description |
full, total should be objects in target (add memberships) incremental, total should be clc records processed |
[GRP-3835] wssec throwing error Created: 18/Feb/22 Updated: 18/Feb/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
grouper_1 | tomee;catalina.out;${env:ENV};${env:USERTOKEN};2022-02-18 15:12:34,842 [localhost-startStop-1] INFO org.apache.axis2.deployment.ServiceDeployer- The GrouperServiceWssec_v2_5.aar service, which is not valid, caused java.lang.NoSuchMethodError: org.apache.axiom.om.impl.OMNodeEx.setParent(Lorg/apache/axiom/om/OMContainer;)V |
[GRP-3825] add a way to bootstrap config Created: 17/Feb/22 Updated: 17/Feb/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Carey Black 3 hours ago |
[GRP-2798] change container to slf4j .25 Created: 15/May/20 Updated: 17/Feb/22 |
|
Status: | Reopened |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | 2.5.34 |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Andy Morgan(opens in new tab) Yesterday at 4:59 PM
Shilen Patel(opens in new tab) 1 day ago Shilen Patel(opens in new tab) 1 day ago Andy Morgan(opens in new tab) 1 day ago Andy Morgan(opens in new tab) 1 day ago Chris Hyzer(opens in new tab) 1 day ago Chris Hyzer(opens in new tab) 1 day ago Andy Morgan(opens in new tab) 1 day ago Andy Morgan(opens in new tab) 1 day ago Andy Morgan(opens in new tab) 1 day ago Andy Morgan(opens in new tab) 1 day ago Chris Hyzer(opens in new tab) 1 day ago Chris Hyzer(opens in new tab) 1 day ago Andy Morgan(opens in new tab) 1 day ago Andy Morgan(opens in new tab) 1 day ago Andy Morgan(opens in new tab) 1 day ago Andy Morgan(opens in new tab) 1 day ago Andy Morgan(opens in new tab) 1 day ago Chris Hyzer(opens in new tab) 1 day ago Andy Morgan(opens in new tab) 7 hours ago Andy Morgan(opens in new tab) 7 hours ago Andy Morgan(opens in new tab) 7 hours ago Chris Hyzer(opens in new tab) 7 hours ago Chris Hyzer(opens in new tab) 7 hours ago Andy Morgan(opens in new tab) 7 hours ago Chris Hyzer(opens in new tab) 7 hours ago Chris Hyzer(opens in new tab) 7 hours ago Andy Morgan(opens in new tab) 7 hours ago Chris Hyzer(opens in new tab) 7 hours ago Chris Hyzer(opens in new tab) 7 hours ago Andy Morgan(opens in new tab) 7 hours ago Andy Morgan(opens in new tab) 7 hours ago Chris Hyzer(opens in new tab) 7 hours ago Chris Hyzer(opens in new tab) 7 hours ago Andy Morgan(opens in new tab) 7 hours ago Andy Morgan(opens in new tab) 7 hours ago Andy Morgan(opens in new tab) 7 hours ago Andy Morgan(opens in new tab) 7 hours ago Andy Morgan(opens in new tab) 7 hours ago Chris Hyzer(opens in new tab) 7 hours ago Andy Morgan(opens in new tab) 5 hours ago Andy Morgan(opens in new tab) 5 hours ago Andy Morgan(opens in new tab) 5 hours ago Andy Morgan(opens in new tab) 4 hours ago Andy Morgan(opens in new tab) 4 hours ago
Andy Morgan(opens in new tab) 4 hours ago |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 17/Feb/22 ] |
is this fixed?
|
[GRP-1509] subject API diagnostics should test email address Created: 05/Apr/17 Updated: 17/Feb/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | 2.3.0 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 1 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
From: Black, Carey M. black.123@osu.edu RE: setting email value I already have this in my config. (But it is not working) Any other ideas of what I might be doing wrong? The LDAP source has a value for the attribute “mail” that is an email address. (example: black.123@osu.edu) When I use the Subject API diagnostics page I see this in the output for my Subject ID:
REF: https://github.com/Internet2/grouper/blob/master/subject/conf/ldap.sources.xml.example I do not see a sample for “emailAttributeName” and the format looks more like “Name_AttributeType”….. REF: https://github.com/Internet2/grouper/blob/GROUPER_2_3_0-branch/subject/tests/edu/internet2/middleware/subject/provider/JNDISourceAdapterTest.java Is this just a “miss” in this API? (Or am I not seeing something?) |
[GRP-3438] grouper gsh templates should take uuid or name for folders and groups Created: 28/Apr/21 Updated: 17/Feb/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | 2.6.0 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 1 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Template question about the requiring uuid for things like folderUuidToShow. Would it not make more sense to base that off of name? Would help migrating configs between different environments. |
[GRP-3672] config key error message Created: 22/Oct/21 Updated: 17/Feb/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | 2.6.3 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 1 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Michael Gettes 6:45 AM |
[GRP-3823] Add advanced filter to subject's memberships, where you can filter by object type Created: 16/Feb/22 Updated: 16/Feb/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.6.6 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman (unc.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 1 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
The memberships tab for a subject may include a lot of intermediate groups which are not interesting to see. In order to trim the data to the more useful rows, there should be an advanced filter where you can include or exclude one (or more?) object types. |
[GRP-3822] change container test to not use hsql Created: 16/Feb/22 Updated: 16/Feb/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3820] try provisioning diagnostics with dn override Created: 16/Feb/22 Updated: 16/Feb/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
from liam |
[GRP-3817] Grouper WS does not behave as expected with some attribute call request Created: 16/Feb/22 Updated: 16/Feb/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | WS |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chris Hubing (internet2.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
I was hoping to be able to return a list of memberships for a user, but only if the group itself had a certain attribute (in this use case, we have one that marks that it's a "working group", so we can display to people in a separate UI that they are in said working groups). The way we do it now is to get a list of the person's groups, then we have to do a call to look at each group and see if it has that attribute on it. I was chatting with Chad about this in one call and trying to do something similar and we found a few things that he said we should capture in JIRA. Here's what Chad said. "There is likely a gap in what WS can do. I can get close, but don't get the results I expect ] { } this should at least get the groups, but it (1) assumes its metadata on an assignment and not a direct value, and (2) for some reason prepends the attribute with "etc:legacy:attribute:legacyAttribute_", so your attribute would need to be in that folder"
|
[GRP-3781] add option to not provision groups with no members Created: 25/Jan/22 Updated: 16/Feb/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
If this is selected, then empty groups will be removed from the target |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 16/Feb/22 ] |
|
[GRP-3814] allow gsh scripts to take arguments Created: 14/Feb/22 Updated: 14/Feb/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
I believe you and Chad answered my question re: passing parameters into gsh scripts, e.g. "gsh foo.groovy <params>". Hopefully you'll post something in the #incommon-grouper channel if that capability becomes available. Thanks for making time for this. Jim Tomlinson (he/him) |
[GRP-3811] allow edit provisioner from provisioner details page (not just from main page) Created: 11/Feb/22 Updated: 11/Feb/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3807] grouper diagnostics showing too much info Created: 10/Feb/22 Updated: 10/Feb/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
using ?diagnosticType=daemonJobsOnly&includeOnly=loader_MAINTENANCE_cleanLogs yields a lot of "extra" lines that I'd expect to just be left out: |
[GRP-3806] errors on gsh container start Created: 10/Feb/22 Updated: 10/Feb/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
|
[GRP-2820] allow customizable help url Created: 22/May/20 Updated: 08/Feb/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 1 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Richard Frovarp 10:57 AM |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 08/Feb/22 ] |
Matt votes for this |
[GRP-3804] on edit membership screen remove checkboxes and just have text (i.e. unchecking direct member does nothing) Created: 08/Feb/22 Updated: 08/Feb/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3803] on group screen to show memberships of another group, allow to add a group (to add this group to that group) like subject screen Created: 08/Feb/22 Updated: 08/Feb/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3801] detect if subject attributes or source attributes are misspelled on subject api wizard Created: 05/Feb/22 Updated: 05/Feb/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3799] ldap provisioner should get the DN from the CN... (not group attribute) if there is no translation Created: 05/Feb/22 Updated: 05/Feb/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3798] make it easier to replace chars in attributes in provisioning Created: 05/Feb/22 Updated: 05/Feb/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
e.g. for ldap when you cant put a colon in a DN and need to replace with something else |
[GRP-3796] make jdbc subject source for testing editable and store in database Created: 03/Feb/22 Updated: 03/Feb/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3789] loader should clean up empty folders Created: 31/Jan/22 Updated: 31/Jan/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 1 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Drew Aschenbrener Today at 11:15 AM |
[GRP-3788] do not set alternate names by default on moves Created: 31/Jan/22 Updated: 31/Jan/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3786] disable subject caching from ui if few results returned Created: 28/Jan/22 Updated: 28/Jan/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Liam Hoekenga 42 minutes ago
Shilen Patel 8 minutes ago Liam Hoekenga 5 minutes ago Shilen Patel 4 minutes ago Chris Hyzer < 1 minute ago |
[GRP-3785] handle changed netIds in provisioning Created: 28/Jan/22 Updated: 28/Jan/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Liam Hoekenga Today at 2:56 PM
3 replies Chris Hyzer < 1 minute ago Chris Hyzer < 1 minute ago Chris Hyzer < 1 minute ago |
[GRP-3780] grouper provisioning diagnostics fails on missing group dn. This is groupAttributes where memberships are subjectIds. Full sync works but diag fails Created: 25/Jan/22 Updated: 28/Jan/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Shilen Patel (duke.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
|
Comments |
Comment by Shilen Patel (duke.edu) [ 28/Jan/22 ] |
Unable to reproduce. Added a test case that succeeds: https://github.com/Internet2/grouper/commit/4c54ae275431fe89e7c3fe69ec58d240ba7f2eed
We'll see if anyone runs into this issue again and if so what their config looks like. |
[GRP-3772] add a way to export provisioning config Created: 20/Jan/22 Updated: 20/Jan/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3771] dont join to grouper_field in hib3membershipDao if not needed or used or joined in where clause Created: 19/Jan/22 Updated: 19/Jan/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | 2.6.6 |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3770] remove add members button from add members screen (just have add) Created: 18/Jan/22 Updated: 18/Jan/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3769] provide a way to delete a person Created: 15/Jan/22 Updated: 15/Jan/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Reply… Also send to incommon-grouper incommon-grouper Jason Peak 4 months ago Chris Hyzer 4 months ago Chris Hyzer 4 months ago Jason Peak 4 months ago Chris Hyzer 4 months ago Michael Gettes 4 months ago Jason Peak 4 months ago Jason Peak 4 months ago Jason Peak 17 hours ago Chris Hyzer 17 hours ago Chris Hyzer 17 hours ago Jason Peak 17 hours ago Jason Peak 17 hours ago Chris Hyzer < 1 minute ago |
[GRP-3767] bring duo users and data back to grouper (like zoom table) Created: 12/Jan/22 Updated: 12/Jan/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
e.g. push device |
[GRP-3766] ldap provisioning filter should not search on same values Created: 11/Jan/22 Updated: 11/Jan/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Liam Hoekenga 5:31 PM |
[GRP-3764] improve provisioning search attributes Created: 10/Jan/22 Updated: 10/Jan/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Chris Hyzer 4:58 PM Liam Hoekenga 4:59 PM |
[GRP-3763] provisioning counts for sql do not work Created: 10/Jan/22 Updated: 10/Jan/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | image-2022-01-09-22-12-39-262.png |
[GRP-3758] add failsafe attributes on group Created: 09/Jan/22 Updated: 09/Jan/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
e.g. min size, etc |
[GRP-3757] list failsafes in grouper daily report Created: 09/Jan/22 Updated: 09/Jan/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3754] add more notification options Created: 07/Jan/22 Updated: 07/Jan/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Chris Hyzer 1 day ago Justin Robinson 1 day ago Justin Robinson 1 day ago Chris Hyzer 1 day ago Chris Hyzer 1 day ago Chris Hyzer 1 day ago Justin Robinson 1 day ago Chris Hyzer 1 day ago Justin Robinson 1 day ago Chris Hyzer 1 day ago Yoann Delattre 4 hours ago Joel Rettinger 1 hour ago Joel Rettinger 1 hour ago |
[GRP-3751] issue provisioning diagnostics warning if reading from sync bucket but not writing to it Created: 06/Jan/22 Updated: 06/Jan/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3748] address the need to frequently bounce grouper container Created: 03/Jan/22 Updated: 04/Jan/22 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Liam Hoekenga (umich.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
The developers have suggested that it might be advisable / desirable to bounce the grouper containers on a nightly basis. It seems like this might be problematic when there are jobs that are spread through the day. Could the need for frequent reboots be described / investigated? (e.g. memory leaks?) |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 04/Jan/22 ] |
yeah, memory leaks, if it works for a week, then do it weekly You can use trial and error... Also, you should look at the jobs and schedules and you should be able to find some time to bounce it so it doesnt conflict with a long running job... |
[GRP-3732] delete old change log consumer entries Created: 15/Dec/21 Updated: 15/Dec/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Drew Aschenbrener Today at 3:50 PM |
[GRP-3731] dont check types table after a certain ddl version or upgrade step version Created: 14/Dec/21 Updated: 14/Dec/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Ross Wilper Yesterday at 11:25 AM Ross Wilper 1 day ago Ross Wilper 1 day ago Chris Hyzer 2 hours ago Ross Wilper 1 hour ago Chris Hyzer < 1 minute ago |
[GRP-3726] auto ddl message should be adjusted in 2.6 Created: 11/Dec/21 Updated: 11/Dec/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
|
[GRP-3725] config page should show container version and grouper version Created: 10/Dec/21 Updated: 10/Dec/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3719] "groups i manage" should show read/update groups Created: 09/Dec/21 Updated: 09/Dec/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3717] improve performance of property configuration in the UI Created: 09/Dec/21 Updated: 09/Dec/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.6.5 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman (unc.edu) | Assignee: | Chad Redman (unc.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
The property management page in the UI is relatively slow to appear, approximately 20 seconds at our institution for grouper.properties to be loaded. This is so slow that it not only affects the wait time for the page to appear, but also impacts properties import. When importing properties, the import results in the green status bar are immediately displayed, and the page appears to be complete. But when you go to another page, the page may initially display, but will then be redirected later back to the property management page, which took a while to generate the summary page of all the properties. Apparently the ajax isn't cancelled so is still pending 20 seconds after going to a different page. In our configuration, the configuration pages also randomly but consistently would bring down our UI server (which was admittedly tight on memory). Doing a profile while loading the configuration page shows that it uses up 150MB of ram for temporary objects that are then released for GC once the page loads. This seems like a lot, for a page that is just loading key/value pairs.
|
[GRP-3673] null group name causes errors on startup Created: 27/Oct/21 Updated: 08/Dec/21 |
|
Status: | Reopened |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Erik Coleman 6:57 PM |
[GRP-3716] refactor container unit tests for new quickstart Created: 08/Dec/21 Updated: 08/Dec/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3708] Incremental loader: prevent extra full syncs Created: 30/Nov/21 Updated: 08/Dec/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | grouperLoader |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Gail Lift | Assignee: | Shilen Patel (duke.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
CC: |
Michael Gettes
|
Description |
The incremental loader (https://spaces.at.internet2.edu/display/Grouper/Grouper+loader+real+time+updates) will trigger a full sync when a transaction arrives for a group that did not previously exist. We would like an option that could prevent the full syncs from being triggered. If possible, we would like the incremental loader to create the group(s) with the transaction subject as a member. If only full sync can create groups, we would like some way to detect that memberships are pending the next sync (perhaps something in the grouper_incremental table row?). Our HR data loader creates/updates a multitude of ref groups. To avoid creating bunches of groups that are unlikely to have members (eg, faculty in the plumbing shop department), we don't create some classes of ref groups until a member arrives. If the incremental loader sees a transaction for a group that doesn't yet exist, the new member is the only member. The 'true up' of a full sync is not required. Also, we don't want extra full syncs during the day. This was discussed briefly in the grouper slack channel on Nov 16, 2021.
|
[GRP-3608] Add audit entry of specific subject in group members tab Created: 13/Sep/21 Updated: 08/Dec/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.6.0 |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Chad Redman (unc.edu) | Assignee: | Chad Redman (unc.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | image-2021-09-13-17-46-33-732.png | ||||||||||||
Issue Links: |
|
Description |
When investigating out when a particular subject was added to a group, getting the whole audit list for the group and looking through all the pages for the subject is cumbersome. (1) The audit entry table can be very large, and may perform poorly; (2) except for date, there is no filter in the audit entry view other than by date, so the user needs to scan through pages of entries to find the target.
From the membership view, getting the membership add/change/delete audit entries for a particular user in a group should be much faster than getting all the entries for the group.
Suggested:
|
[GRP-1214] Ability to export Audit report as CSV file Created: 14/Oct/15 Updated: 08/Dec/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.2.2 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Jeffrey Crawford | Assignee: | Chad Redman (unc.edu) |
Resolution: | Unresolved | Votes: | 1 |
Labels: | audit, csv, export, log | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified | ||
Environment: |
Red Hat EL 6 |
Description |
We can download the members of a group as a CSV file, our security team would like that expanded to the audit log. It would be useful that the same filter criteria could be used so that a CSV would only contain the time frame of interest. |
[GRP-3714] Allow externalized text in Types metadata Created: 07/Dec/21 Updated: 07/Dec/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Justin Robinson (iu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Often data owners or member descriptions will have the same or vastly similar text. When this is the case, it would be great to update it in one location for all areas used and to only set the values once. Request: update Grouper Types metadata to pull from externalized text. |
[GRP-3713] RFE: org specific daemon instances Created: 06/Dec/21 Updated: 06/Dec/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Liam Hoekenga (umich.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
We'd like to allow unit / org level admins access to loader / provisioner settings. We're worried about allowing them to do that on shared provisioner resources, but were thinking it might be acceptable if we could pin their jobs to specific daemon instances (that they're paying for?) |
[GRP-3712] RFE: provisioners sharing load? Created: 06/Dec/21 Updated: 06/Dec/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | provisioning |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Liam Hoekenga (umich.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
In the future, might it be possible for provisioners to share their queued work across multiple daemons? We're concerned about provisioning operations getting blocked behind larger / slower operations |
[GRP-3711] Nesting capable provisioners? Created: 06/Dec/21 Updated: 06/Dec/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | provisioning |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Liam Hoekenga (umich.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Could / should the provisioning backends that understand nested groups be extended to allow for nested groups? e.g. provision your reference structure to an LDAP target, and then allow the provisioner to reference the local copy of those reference groups rather than syncing down the members of those reference populations every time they're included |
[GRP-3709] gsh template error if delete the folder where the template runs Created: 06/Dec/21 Updated: 06/Dec/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Should be able to do something like this, or just show the parent folder if not there
|
[GRP-3687] duo external system secret key should be password field Created: 06/Nov/21 Updated: 06/Nov/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 06/Nov/21 ] |
its marked as password in the config file metadata |
[GRP-3691] add command debug to sql provisioner Created: 06/Nov/21 Updated: 06/Nov/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3688] duo provisioner does not update description (provisioning framework) Created: 06/Nov/21 Updated: 06/Nov/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3675] add unicode types to client database api Created: 29/Oct/21 Updated: 29/Oct/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | 2.6.5 |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 29/Oct/21 ] | ||||||||||||||||||||||
|
[GRP-3671] add Boolean as provisioning attribute type Created: 22/Oct/21 Updated: 22/Oct/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3668] add provisioning troubleshooting zip download Created: 21/Oct/21 Updated: 21/Oct/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
include the sanitized configs, version, stats, logs (from DB), etc |
[GRP-3648] ran recent memberships full loader multiple times and it finds adds but they dont get applied? Created: 06/Oct/21 Updated: 20/Oct/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | screenshot-1.png |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 06/Oct/21 ] |
Comment by Chris Hyzer (upenn.edu) [ 20/Oct/21 ] |
needs a view change |
[GRP-3664] add subjectIdOrIdentifier to MembershipSave Created: 14/Oct/21 Updated: 14/Oct/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3657] add database to report CSV config Created: 08/Oct/21 Updated: 08/Oct/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 08/Oct/21 ] |
GrouperConfigType.retrieveReportDataByConfig() |
[GRP-3656] report with bad cron gives error but still partially saves Created: 07/Oct/21 Updated: 07/Oct/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | screenshot-1.png screenshot-2.png |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 07/Oct/21 ] |
Comment by Chris Hyzer (upenn.edu) [ 07/Oct/21 ] |
[GRP-3654] add file upload to GSH import Created: 07/Oct/21 Updated: 07/Oct/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3652] grouper deprovisioning should not fail if membership remove doesnt do anything, and shouldnt show disabled memberships Created: 07/Oct/21 Updated: 07/Oct/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3651] dont allow config keys with "secret" or other things that mean password Created: 06/Oct/21 Updated: 06/Oct/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
changeLog.consumer.M365PrivateDefault.syncAttributeName = ******* |
[GRP-3647] add a lookup table for view params (i.e. "etc" is configurable and doesnt work with "inst:etc" Created: 06/Oct/21 Updated: 06/Oct/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
CREATE OR REPLACE VIEW penngrouper.grouper_recent_mships_conf_v |
[GRP-3646] obliterate stem had error Created: 06/Oct/21 Updated: 06/Oct/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | obliterateError.txt |
[GRP-3645] add swagger to grouper WS Created: 04/Oct/21 Updated: 04/Oct/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | 2.6.1 |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3643] Notification feed functionality to address long-running UI operations Created: 30/Sep/21 Updated: 30/Sep/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Major |
Reporter: | Jeffrey Williams (uncg.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified | ||
Environment: |
Grouper UI, all versions. |
CC: |
Carey Black (osu.edu), Chad Redman (unc.edu), Erik Coleman (illinois.edu), Justin Robinson (iu.edu), Liam Hoekenga (umich.edu)
|
Description |
Currently, long-running operations will result in an error message "×There was an error with your request. Click here to start over." No error has occurred outside of the UI timeouts. However, the user isn't notified that their operation is still processing, only when it completes.
A functional improvement to the UI would be a notification <div>, accessible from an icon in the upper right of the UI (similar to notification feeds in certain social platforms and admin consoles) from any page. The feed would contain the user's recent activity(similar to that on the user's main page). The feed would be modified to add an entry when when an operation taking longer than a configurable amount begins, then another when an operation ends. |
[GRP-2130] UI timeout page that the user is redirect to instead of leaving them "wherever" they are to have a fail on "first click" Created: 08/May/19 Updated: 30/Sep/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.3.0, 2.4.48, 2.5.57 |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 4 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
My users (and I ) are often frustrated by the "CSRF warning" only to click a link and SSO back into the app. It would be a much better experience if the user would come back to a "your session has expired" page and know that the first click leads to a login process instead of being surprised by the process.
I have seen "security centric" apps that have UI timeouts built in. When the timeout expires ( due to lack of use ) the browser auto redirect the user to a page that tells them their session has timed out and gives them a link to log back in. (and start a new session.)
I think it would be a good feature for Grouper UI to implement. |
[GRP-3641] Visualization: If sibling count greater than set limit, display a node indicating truncation Created: 29/Sep/21 Updated: 29/Sep/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.6.0 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman (unc.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | image-2021-09-28-23-39-07-539.png |
Description |
Credit to Karl Amrhein for this suggestion. If a group has a large number of groups as members, it's desirable to limit the number of siblings shown to make the drawing smaller. But there is no indication in the graph whether siblings are being truncated. So maybe add a pseudo-node indicating more groups exist? See one possibility below.
|
[GRP-3640] export to gsh should use new build patterns or abbreviate format Created: 24/Sep/21 Updated: 24/Sep/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 24/Sep/21 ] |
add error handling and output to builder pattern classes (swallow exceptions) |
[GRP-3638] Shore up "masking" of secrets in Configuration view Created: 24/Sep/21 Updated: 24/Sep/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Scott Cantor (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
The PSPNG provisioner I guess depends on an LDAP property that ends in bindCredential instead of password, and the Configuration view in the UI of the loader properties doesn't mask it the way it does other property names it thinks are secrets. Seems like an obvious/simple fix. I'm aware that it would be masked if it were stored in the database directly, but that's not always the goal. |
[GRP-3637] PSPNG not full-syncing AD groups with memberships above a certain number Created: 22/Sep/21 Updated: 22/Sep/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | daemon |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Blocker |
Reporter: | Jeffrey Williams (uncg.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified | ||
Environment: |
Grouper 2.4 and newer(at least) |
Attachments: | grouper_error.log |
Description |
PSPNG is encountering an issue during full-sync where groups whose membership requires paging to retrieve are not getting properly synced. The issue occurs:
LdapGroupProvisioner.doFullSync()'s initial LDAP lookup in results in the Actual values being 0. This results in the function believing it only has an add to an empty group and will attempt to add existing members to the group, which will throw an AD Error ENTRY_ALREADY_EXISTS. LdapSystem.performLdapModify will attempt to retry the mod and will re-read the object from AD again(using Ldap RangeEntryHandler), this time getting the correct membership. However, rather than recalculate the delta between current and actual to determine the type of operation to perform, it calculates the delta of the group assuming the prior type of operation from the initial ldap read. So if there's no additional members to add, the delta will be 0 and PSPNG assumes there's nothing more to be done.
PSPNG will compare the size of the memberships afterwards and see that the counts are still not correct. It will then re-run the sync 2 more times before issuing the warning:
PSPNG is aware that it's not syncing correctly and it reporting it as such, but with the correct logic, it should be able to resolve this on its own.
|
[GRP-3636] add provisioning delete option to not sync objects where "provisionable" is removed but the grouper object still exists Created: 22/Sep/21 Updated: 22/Sep/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 22/Sep/21 ] |
maybe we need a "sync object" column for "provisionable_pause_millis" which is the millis from 1970 that provisioning for this object was paused. That can be set in UI or when provisionable is removed or whenever... |
[GRP-3634] add more loader logs in the message to be seen in ui Created: 22/Sep/21 Updated: 22/Sep/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | screenshot-1.png |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 22/Sep/21 ] |
[GRP-3631] add good descriptions to all LDAP provisioning elements Created: 20/Sep/21 Updated: 20/Sep/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
e.g. auto filters we will document it but... the default will |
[GRP-3629] import error row number not correct Created: 20/Sep/21 Updated: 20/Sep/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | screenshot-1.png |
Description |
says row 2 not row 3 |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 20/Sep/21 ] |
[GRP-3624] demo container exits with: Error: Can't drop privilege as nonroot user Created: 18/Sep/21 Updated: 18/Sep/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3623] cannot init registry since cannot find subject Created: 18/Sep/21 Updated: 18/Sep/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
2021-09-18 15:09:57,330: [main] FATAL RegistryInstall.install(118) - - unable to initialize registry: null |
[GRP-3622] message for not provisionable before the provisioner has run Created: 18/Sep/21 Updated: 18/Sep/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
FROM: TO: |
[GRP-3620] auto translate dn and rdn for flat and bushy with dn override Created: 17/Sep/21 Updated: 17/Sep/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3618] add oidc to grouper ui Created: 15/Sep/21 Updated: 15/Sep/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3617] jwt expiration 0 makes no sense Created: 15/Sep/21 Updated: 15/Sep/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3616] add jexl validation to jwt claims to only allow certain conditions Created: 15/Sep/21 Updated: 15/Sep/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3615] allow custom ui to be able to pass user into it Created: 15/Sep/21 Updated: 15/Sep/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3613] conslidate logging in container and allow pipes, local files, or both Created: 15/Sep/21 Updated: 15/Sep/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3584] membership provisioning screen says "in target no" when it is in target Created: 03/Sep/21 Updated: 15/Sep/21 |
|
Status: | Reopened |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | 2.6.0 |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | image-2021-09-03-13-36-30-941.png |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 03/Sep/21 ] |
|
[GRP-3612] GSH templates support input type of 'find a Subject' and 'find list of Subjects' types Created: 15/Sep/21 Updated: 15/Sep/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | GSH Templates, UI |
Affects Version/s: | 2.5.56 |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
It would be helpful to reuse the existing 'add Member' UI structure and logic to allow a user to select a subject ( or a list of subjects) as an input to a GSH template. Ideally the GSH template config could also add some limits/scopes to the searches too:
|
[GRP-2430] add audit in membership drop down for memberships Created: 19/Nov/19 Updated: 13/Sep/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Issue Links: |
|
[GRP-1845] Group "View audit log" should allow a user to filter by more values than time Created: 25/Jul/18 Updated: 13/Sep/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified | ||
Environment: |
2.3 |
Issue Links: |
|
Description |
Only being able to filter by dates is rather limiting. Please also allow the UI user to filter by the following: Actor ( grouper user/process that made the change ) Member ( Member was affected by the change ) Type of change ( add , delete[AKA: remove] , Exported, ... other actions??) |
[GRP-3603] add provisioning target attribute value validation (e.g. for eduPersonEntitlement) Created: 13/Sep/21 Updated: 13/Sep/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 13/Sep/21 ] |
and/or a way to apply the grouper validation to the target values... |
[GRP-3596] UI attributeName owners filtering should support filtering on the values that are assigned. Created: 09/Sep/21 Updated: 09/Sep/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.5.54 |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
The filtering on the Attribute Name "view assigned owners" appears to only filter on the object names where the attribute Name is assigned. It would be very helpful to also be able to "find" by assigned Value matching too. |
[GRP-3595] improve daily report defaults Created: 09/Sep/21 Updated: 09/Sep/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Liam Hoekenga Today at 11:03 AM 1 reply Chris Hyzer < 1 minute ago |
[GRP-3594] UI filter features should not clear as frequently as they do Created: 08/Sep/21 Updated: 08/Sep/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.6.0, 2.5.56 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Example ( but not the only one) is the UI for attribute assignments for an AttributeName. If you set a filter to get a sub set of the assignments. Either the refresh should be "optional", or the filter should be maintained and reused during the refresh. I can see value in not doing the refresh constantly for the user. (UI performance to fetch almost the same list back each time.) But that likely would require other UI dynamic actions for things like "remove" a row too. |
[GRP-3593] Ability to do adds first during a loader job (rather than deletes Created: 07/Sep/21 Updated: 07/Sep/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Jonathan Johnson (unicon.net) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 4 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
CC: |
James Babb (wisc.edu), Oakes Dobson
|
Description |
The Grouper Loader processes group membership deletes before it processes group membership adds. For large groups (for which adds and deletes require more time & processing power), this can cause up to several hours of 'service flickering,' which is essentially users losing membership to a group that provides a service for the period of time it takes the delete and then the add to process. It might be better to process the adds before the deletes so that this service flicker doesn't take place. We believe this is the spot in the code where the Grouper Loader chooses to process deletes before adds: Would it be possible to allow us to configure this so that we could tell the Grouper Loader to process the membership adds before the deletes? We understand that there are some situations in which it's better for deletes to occur before adds, but it would be nice to be able to have the choice to configure the loader to do adds before deletes. |
[GRP-3559] Refactor UI templates to not depend on the UI Created: 04/Aug/21 Updated: 07/Sep/21 |
|
Status: | Resolved |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.4.0.patch, 2.5.0 |
Fix Version/s: | 2.5.56 |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman (unc.edu) | Assignee: | Chad Redman (unc.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Issue Links: |
|
Description |
The classes for the UI templates – both the original app/gdg/policy and the new gsh ones – were written to only be usable from the UI. This means that they can't be called from GSH or from WS, without creating mock HTTPRequest and HTTPSession containers. It also makes it harder to write unit tests. The classes have been added to the edu.internet2.middleware.grouper.grouperUi.beans.ui package, even though they are not beans. This makes it harder to identify which classes are related to the template functionality, since they are mixed in with container bean classes that were originally meant to be for jsp templates.
See also GRP-3041 Make the Template Feature available in the WS API |
Comments |
Comment by Chad Redman (unc.edu) [ 04/Sep/21 ] | |
The application template is fine. But the policy template (GrouperTemplatePolicyGroupLogic) has references to GuiResponseJs, so that it can inject error messages. If these were changed to just throwing exceptions, it would be usable outside of the UI. | |
Comment by Chad Redman (unc.edu) [ 04/Sep/21 ] | |
Removed the dependence on GuiResponseJs. Unfortunately, there is still a dependence on GrouperRequestContainer via GrouperTextContainer. This is in property keys like "policyGroupAllowDescription", which are EL expression that reference GrouperRequestContainer:
The only variables available to EL expressions used by GrouperTextContainer are grouperRequestContainer, servlet request, and textContainer itself. Variable grouperRequestContainer is null outside of the UI, so this returns a NPE from gsh. I don't see a way to inject stemTemplateContainer as a variable which is all it needs and doesn't require a http context. Is there any way to do text properties with EL that can avoid grouperRequestContainer while still supporting internationalization? | |
Comment by Chad Redman (unc.edu) [ 04/Sep/21 ] | |
An odd workaround for the ${grouperRequestContainer.stemTemplateContainer....} issue was to add a new variable `stemTemplateContainer` to the EL map. For some reason, EL evaluates ${grouperRequestContainer.stemTemplateContainer} to stemTemplateContainer if grouperRequestContainer is null. |
[GRP-3592] GrouperProvisioningAttributeNames missing methods to retrieve provisioningMetadataJson and provisioningOwnerStemId Created: 06/Sep/21 Updated: 06/Sep/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API |
Affects Version/s: | 2.5.40, 2.6.0 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman (unc.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
The various attributes in GrouperProvisioningAttributeNames have methods to retrieve the attributeDefName for them, except provisioningMetadataJson and provisioningOwnerStemId. Also, it seems there are two methods that both retrieve provisioningMarker. Method retrieveAttributeDefNameBase() is used in production classes, and retrieveAttributeDefNameMarker() is used in test classes.This could eventually lead to inaccurate test results
|
[GRP-3585] usdu failing on same subject identifier on unresolvable subjects Created: 03/Sep/21 Updated: 03/Sep/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
There are subjects with the same subject identifier=abc, subjectIds=xy123,234yut. |
[GRP-3581] the setting when assigning if provisionable for "policy groups only" should be a boolean control (radio or drop down) Created: 02/Sep/21 Updated: 02/Sep/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | image-2021-09-02-17-11-58-811.png |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 02/Sep/21 ] |
|
[GRP-3580] deprovisioning full and incremental daemon should propagate attributes to attributes Created: 02/Sep/21 Updated: 02/Sep/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
and maybe folders? uncomment GrouperDeprovisioningLogicTest.testUpdateDeprovisioningMetadata() |
[GRP-2441] tree display performance with permissions turned on Created: 22/Nov/19 Updated: 26/Aug/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.4.0, 2.5.54 |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
I prefer explicit permission models instead of implied.
Example: If there was a "folder view permission" then groups could be given access to see a folder. ( or "the magic All subjects thing" could be used too.)
To achieve the current implied folder visibility design: ( or turn it off at the root or at some level down the tree, if you don't ): A rule (on the root folder) on folder create:
That way as folders are created and people are allowed to see a N level deep folder, they will automatically be able to see all the N-1 level deep folders above it back to the root.
Another rule could:
In this model a user might have access to something in a N level deep folder that they can not see the whole path too in the UI folder tree. ( Which is fine with me. ) They should be able to search and find, bookmark, find via services those things too. I would expect the tree to "add parent folder(s) back up to the root" when a user "jumps" to an object from a search. ( Picture long chain of "closed" folders back to the root with only the children object(s) of the last folder being added to the tree. ) If a user selects a "higher level folder" that they don't have explicit access to, then they see nothing and nothing changes in the tree. ( no error, no message, must a "folder with a child folder". All I am really talking about is making the permissions that drive the tree structure in the UI local to each folder so that a "search of a single folder's child folders/objects" is all that is ever needed for the "open" tree folder. When a folder is selected in the tree then becomes an "open folder" and then it's child objects are added to the tree and closed child folders are added to the tree as well.
It's a fairly big ask, but it makes the UI more "permission driven" and avoids "loading the whole tree" (at any time) to do it.
And maybe other indexing approach could be done to "fix performance" too. However, this approach adds a feature that would allow users to have a simplified folder UI structure as well. (And that could be achieved other ways too. I like using ACL's to provide the most flexibility to the deployer. ) |
[GRP-2604] WS query can return data that is out of scope of the query. Created: 27/Feb/20 Updated: 25/Aug/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | WS |
Affects Version/s: | 2.4.0, 2.5.0 |
Fix Version/s: | None |
Type: | Bug | Priority: | Major |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 1 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Setup to test:Setup to test:
Test it: Do a WS call like the following: ( Non-existent stem in query) Results: return both groups. However the STEM asked for does not exist in Grouper, nor do the groups returned match the stem that was asked for.
NOTE: An empty set would be ideal, But an "Error" (something like stem not found) would be reasonable too.
NOTE: The query returns correct results ONLY when the stem that is asked for exists
/v2.3.000/subjects/SUBJECT_ID_VALUE/groups?wsLiteObjectType=WsRestGetGroupsLiteRequest&stemName=users%3Afolders%3AUSER_FOLDER%3Atest-ws&stemScope=ALL_IN_SUBTREE
/v2.3.000/subjects/SUBJECT_ID_VALUE/groups?wsLiteObjectType=WsRestGetGroupsLiteRequest&stemName=users%3Afolders%3AUSER_FOLDER%3Atest-wsOther&stemScope=ALL_IN_SUBTREE
And if the WS users access is removed from the OthergroupForWSRead group
Then the query for the existing stem that the user can not access correctly /v2.3.000/subjects/IDM800047602/groups?wsLiteObjectType=WsRestGetGroupsLiteRequest&stemName=users%3Afolders%3Ablack.123%3Atest-wsOther&stemScope=ALL_IN_SUBTREE |
Comments |
Comment by Carey Black (osu.edu) [ 13/Jan/21 ] |
Any idea when this can be fixed? |
Comment by Carey Black (osu.edu) [ 11/Mar/21 ] |
Any idea when this can be fixed? |
Comment by Carey Black (osu.edu) [ 22/Apr/21 ] |
Any idea when this can be fixed? |
Comment by Carey Black (osu.edu) [ 21/May/21 ] |
Any idea when this can be fixed? |
Comment by Carey Black (osu.edu) [ 22/Jun/21 ] |
Any idea when this can be fixed? |
Comment by Carey Black (osu.edu) [ 16/Jul/21 ] |
Any idea when this can be fixed? |
Comment by Carey Black (osu.edu) [ 25/Aug/21 ] |
Any idea when this can be fixed? |
[GRP-3408] update rabbitmq tls version Created: 22/Apr/21 Updated: 18/Aug/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
CC: |
Chris Hubing (internet2.edu)
|
Description |
Chris Hubing (internet2.edu) |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 22/Apr/21 ] | |||
might be nice to have an example using an exchange, rather than a queue. I just switched ours to that, and it took me a little bit more time to figure out the right configuration than I would have thought.
changeLog.consumer.rabbitMqMessaging.publisher.exchangeType = TOPIC changeLog.consumer.rabbitMqMessaging.publisher.messageQueueType = TOPIC changeLog.consumer.rabbitMqMessaging.publisher.routingKey = grouper changeLog.consumer.rabbitMqMessaging.publisher.queueOrTopicName = grouper | |||
Comment by Chad Redman (unc.edu) [ 04/Aug/21 ] | |||
This is the default since 2.5.34:
If the rabbitMQ server accepts 1.1, that's a configuration at the server. Is Grouper downgrading to 1.1 if tlsVersion is set to 1.2? |
[GRP-3569] MembershipFinder should have assignEnabled(true) in API calls that expect enabled memberships Created: 17/Aug/21 Updated: 17/Aug/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-1104] maven build requires dependency (org.wso2.charon) not in Maven Central Created: 22/Jan/15 Updated: 16/Aug/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | Exts |
Affects Version/s: | 2.2.1 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | David Langenberg | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
See https://github.com/Internet2/grouper/issues/20#issuecomment-71075672 Need to fix the pom.xml's so that the Grouper SCIM dependency on org.wso2.charon can handle the lack of those artifacts being in Maven Central |
Comments |
Comment by Julien Gribonvald (Inactive) [ 09/Mar/18 ] |
This problem is really blocking as this library in version 1.0.0 doesn't exist anymore, it's really difficult to find it. So please also update wso2 library version ! |
Comment by cer28 [ 31/Mar/18 ] |
The snapshot poms in both the 2.3 branch and master (2.4) branch have been adjusted. Charon isn't used in the grouper module anyway, so both it and wink were removed as dependencies. To satisfy the dependencies in grouperScim, the charon version in grouper-parent was changed from 1.0.0. to 2.1.3 (the latest version). It compiles ok, but the tests rely on configuration parameters that aren't in the source code. So please test and confirm that it works with this version. |
Comment by cer28 [ 22/Oct/18 ] |
Julien confirmed this is fixed for the API jar after dependencies removed. Still need to verify SCIM is still working, if someone has expertise in this. |
[GRP-3568] Subject diagnostics search fields remove default values "someSubjectId" etc. Created: 16/Aug/21 Updated: 16/Aug/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.4.0.patch, 2.5.0 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman (unc.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | image-2021-08-15-23-48-55-801.png |
Description |
The subject diagnostics search fields all pre-fill the subject search fields:
These values are unlikely to find anyone, so the user has to go to the fields and overwrite them or delete the values, otherwise they will have errors. Why default values? If they need hints, we can add placeholder properties to the input fields (see mockup screenshot).
|
[GRP-3567] Log INFO->DEBUG or remove: SessionInitialiser "resources/grouper/ui-permissions.xml not found. Default permissions apply." Created: 12/Aug/21 Updated: 12/Aug/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman (unc.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
If log4j is set to default to INFO level, the majority of the UI logs are:
The ui-permissions.xml message this refers to is not included by default, is not mentioned in the wiki, and the format is only explained in javadoc. If anyone used it, it was only activated for the GroupMembershipMenuFilter in either the admin or lite ui. So it's highly unlikely to exist, which means it shouldn't warrant being at INFO level. Personally I vote to delete it. |
[GRP-3565] gsh templates should be able to use attributes for if run or who runs Created: 11/Aug/21 Updated: 11/Aug/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | 2.5.54 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 1 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
|
[GRP-3566] When user not in WS allowed user group, error message states the policy group is "media.properties penn.uiGroup" Created: 11/Aug/21 Updated: 11/Aug/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | WS |
Affects Version/s: | 2.4.0, 2.4.0.patch, 2.5.0 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chad Redman (unc.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
This error message goes back 2008, and Grouper version 1.3 or earlier. The "media.properties penn.uiGroup" is hard coded in GrouperServiceJ2ee.
|
[GRP-3398] add ability to export non-base config from ui for a certain config file Created: 18/Apr/21 Updated: 10/Aug/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | 2.5.29 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Carey Black 3:02 PM Marwan Shaher 3:16 PM Marwan Shaher 3:22 PM Chris Hyzer 3:29 PM Carey Black 3 days ago
Chris Hyzer 3 days ago Chad Redman 3 days ago Ryan Rumbaugh 3 days ago Erik Coleman 3 days ago Chris Hyzer 3 days ago Chris Hyzer 3 days ago Erik Coleman 3 days ago Chris Hyzer 3 days ago Erik Coleman 2 days ago Chris Hyzer 2 days ago Zachary Hanson-Hart 1 day ago |
[GRP-3563] Group DN override does not work with "flat" naming Created: 10/Aug/21 Updated: 10/Aug/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Liam Hoekenga (umich.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified | ||
Environment: |
Container release 2.5.54 |
Description |
DN override seems to be incompatible with flat naming. The provisioner forces this naming pattern on groups when flat is chosen... grouper/src/grouper/edu/internet2/middleware/grouper/app/ldapProvisioning/LdapProvisioningTranslator.java, ~ line 56 } Based on the code in LdapProvisioningTranslator, I don't believe the issue can be worked around with the "proper" Group field name - translation expression
|
[GRP-3549] import config should let you pick the file (not name correctly) Created: 29/Jul/21 Updated: 09/Aug/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | 2.5.55 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 1 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3041] Make the Template Feature available in the WS API Created: 02/Dec/20 Updated: 04/Aug/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API, WS |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Bill Kaufman (internet2.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Issue Links: |
|
Description |
We are building features into the COmanage UI to enable simple users with the ability to see Grouper Groups they are part of and join or leave those they have the ability Optin-Optout of. We would also like to enable folks with minor admin authZ such as Working Group chairs etc. be able to create Groups to support their collaborations. Such groups would coincide with email lists, wiki spaces, Jira projects, etc. Using Templates to build multi-group collaborations would make this a much simpler activity in the UI and provide consistency in the way these collaborations are created. |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 02/Dec/20 ] |
when do you need it by? also, can you give an example of a template. i.e. what are the inputs. and what actions in grouper it will kick off (e.g. which groups will be created where, which will be composites, and which will be added to other groups)? is the expectation that if someone were to use this that they would need to setup some templates in Grouper, or would they be built in as comanage adapters of some sort?
|
Comment by Bill Kaufman (internet2.edu) [ 17/Dec/20 ] |
Chris, The sample pattern shown in these slides represents a basic way we would want to have a call to a template work. https://docs.google.com/presentation/d/1pUckt52-r3_wZrV6gHuc3l_j8ZcQDv28Kygt_oGAwRo/edit?usp=sharing
|
[GRP-3558] group.properties should support configuration.autocreate.<all_object_types>.* Created: 03/Aug/21 Updated: 03/Aug/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API |
Affects Version/s: | 2.5.55 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Major |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
grouper.properties currently supports: configuration.autocreate.group.* to have groups (and parent stems?) auto created by default when the system starts.
I would like to see that feature expanded to support all grouper objects such that a default "skeleton" could be "hard coded" into the properties file such that on start the desired registry is initialized to the local deployers design. Specifically all of these would be useful to be able to encode: A way to build: * folders,
|
[GRP-3557] When user not in WS allowed user group, should return 403 Forbidden instead of 500 Internal Server Error Created: 02/Aug/21 Updated: 02/Aug/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | WS |
Affects Version/s: | 2.4.0, 2.4.0.patch, 2.5.0 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman (unc.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 1 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
When a user is not in the group set by ws.client.user.group.name, the response is 500 Internal Server Error. There isn't really an error, rather the user is forbidden. So the return code should be 403 Forbidden, so it can be distinguished from other kinds of errors. (Commit a3bfcc44, affects Grouper 1.3+) |
[GRP-3556] GSH Templates should skip the show/hide checks/logic if the template has no 'Jexl for showEl' on any inputs. Created: 30/Jul/21 Updated: 30/Jul/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Setting values on a GSH template can be slow. It appears to be due to a round trip to the server to validate the hide/show state for the inputs. This enhancement would avoid that processing when it will not be used for any of the Template inputs. |
[GRP-3555] 211.0: New JIRA: jsmith on first login sees “Added jsmith as a member of the Unknown group”. Probably the Ui Preferences group, do this as root so doesn’t show up in user’s recent actions Created: 29/Jul/21 Updated: 29/Jul/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3554] add ability to export non base config (not just db only) Created: 29/Jul/21 Updated: 29/Jul/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3553] installer should use https for training Created: 29/Jul/21 Updated: 29/Jul/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3552] Edit membership page shows form fields even if the user does not have update privs Created: 29/Jul/21 Updated: 29/Jul/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3551] export a provisioner config Created: 29/Jul/21 Updated: 29/Jul/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3548] new loader attributes not being created Created: 28/Jul/21 Updated: 28/Jul/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | 2.5.52 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
And also this error due to which loader jobs are failingAnd also this error due to which loader jobs are failingedu.internet2.middleware.grouper.exception.AttributeNotFoundException: Cant find attribute: grouperLoaderDisplayNameSyncType at edu.internet2.middleware.grouper.Group.getAttributeValue(Group.java:2899) at edu.internet2.middleware.grouper.app.loader.GrouperLoaderType.attributeValueOrDefaultOrNull(GrouperLoaderType.java:2496) at edu.internet2.middleware.grouper.app.loader.GrouperLoaderJob.runJob(GrouperLoaderJob.java:443) at edu.internet2.middleware.grouper.app.loader.GrouperLoaderJob.execute(GrouperLoaderJob.java:344) at org.quartz.core.JobRunShell.run(JobRunShell.java:202) at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573)37 replies Sudheer Singidi 3 hours agoNo. We are not seeing it Sudheer Singidi 2 hours agoIt is set to :legacyAttribute.attributeDef.prefix=legacyAttributeDef_ Chris Hyzer 2 hours agoalso show me this screenshot (search for grouperLoaderGroupQuery and shoe results)image.png image.png Sudheer Singidi 2 hours agoimage.png image.png Sudheer Singidi 2 hours agoimage.png image.png Chris Hyzer 1 hour agocan you run this script in GSH and let me know the value at each line?import edu.internet2.middleware.grouper.cfg.GrouperConfig;String attributeDefPrefix = GrouperConfig.retrieveConfig().propertyValueStringRequired("legacyAttribute.attributeDef.prefix");AttributeDefName legacyAttribute = GrouperDAOFactory.getFactory().getAttributeDefName().findLegacyAttributeByName("grouperLoaderGroupQuery", false);legacyAttribute = GrouperDAOFactory.getFactory().getAttributeDefName().findLegacyAttributeByName("grouperLoaderDisplayNameSyncType", false);Group adminGroup = GroupFinder.findByName(GrouperConfig.retrieveConfig().propertyValueString("groups.wheel.group"), true);adminGroup.getAttributeValue("grouperLoaderDisplayNameSyncType", false, false);Please also verify grouper version on GSH startupGrouper starting up: version: 2.5.54, build date: 2021/07/27 17:42:20 +0000, env: TESTHere is a sample outputgroovy:000> String attributeDefPrefix = GrouperConfig.retrieveConfig().propertyValueStringRequired("legacyAttribute.attributeDef.prefix");===> legacyAttributeDef_groovy:000> AttributeDefName legacyAttribute = GrouperDAOFactory.getFactory().getAttributeDefName().findLegacyAttributeByName("grouperLoaderGroupQuery", false);===> AttributeDefName[name=penn:etc:legacy:attribute:legacyAttribute_grouperLoaderGroupQuery,uuid=657e5d343f024a359b81f3a239f7ca0c]groovy:000> legacyAttribute = GrouperDAOFactory.getFactory().getAttributeDefName().findLegacyAttributeByName("grouperLoaderDisplayNameSyncType", false);===> AttributeDefName[name=penn:etc:legacy:attribute:legacyAttribute_grouperLoaderDisplayNameSyncType,uuid=1ff029f40ced467281ff9444cd68c211]groovy:000> Group adminGroup = GroupFinder.findByName(GrouperConfig.retrieveConfig().propertyValueString("groups.wheel.group"), true);===> Group[name=penn:etc:sysAdminGroup,uuid=02c9399a-04e2-48f5-862a-6f5f6b34dc45]groovy:000> adminGroup.getAttributeValue("grouperLoaderDisplayNameSyncType", false, false);ERROR edu.internet2.middleware.grouper.exception.AttributeNotFoundException:Group penn:etc:sysAdminGroup doesn't have attribute: grouperLoaderDisplayNameSyncType at edu.internet2.middleware.grouper.Group.getAttributeValue (Group.java:2907) at edu.internet2.middleware.grouper.Group$getAttributeValue.call (Unknown Source) edu.internet2.middleware.grouper.misc.GrouperStartup.initLoaderType()I dont know why penn and the demo server and our dev env didnt need this, something about the state of the conversion tables... anyways, I added an upgrade step
|
[GRP-3545] gsh transaction issues with built in shortcuts Created: 27/Jul/21 Updated: 27/Jul/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 1 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Carey Black 4 days ago
|
[GRP-3541] problem removing attributes with hooks Created: 23/Jul/21 Updated: 23/Jul/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | 2.5.54 |
Type: | Bug | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 1 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
|
[GRP-3537] Convert 'Veto if not group' rule into a hook that uses the Type=policy to enforce the "rule logic" Created: 21/Jul/21 Updated: 21/Jul/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API |
Affects Version/s: | 2.5.53 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
I think being able to , by object type, enforce https://spaces.at.internet2.edu/display/Grouper/Grouper+rules+use+case+-+Veto+if+not+group logic would be useful for deployments.
Basically apply type="policy" to the group and the logic become active for that group. Enable with something like this: |
[GRP-3512] Unresolvable Subject UI paging not working Created: 28/Jun/21 Updated: 15/Jul/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.5.50 |
Fix Version/s: | None |
Type: | Bug | Priority: | Major |
Reporter: | Erik Coleman (illinois.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
When choosing to view unresolvable subjects and there are multiple pages to display, the pagination links "First|Prev|Next|Last" do not work, and you cannot select a different page size. As a result, I can only view the first 50 unresolvable subjects. |
Comments |
Comment by Erik Coleman (illinois.edu) [ 15/Jul/21 ] |
This appears to be a condition that only happens under a certain sequence of events, which I haven't reproduced yet. Paging works, then quits. |
[GRP-3527] make email notification templates a textarea Created: 14/Jul/21 Updated: 14/Jul/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3526] grouperClient bug when GROUPER_CLIENT_WS_PASSWORD is set Created: 14/Jul/21 Updated: 14/Jul/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | grouperClient |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Marwan Shaher (colorado.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | grouperClient | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
In newer versions (2.5.xx ) of grouperClient.jar, it doesn’t look like the “encrypt.key” parameter is recognized if the value for GROUPER_CLIENT_WS_PASSWORD is set to the path of the file with the encrypted password. It results in the following error:
|
[GRP-3525] automatically remove old reports Created: 14/Jul/21 Updated: 14/Jul/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3522] report should not save blank values in attributes Created: 14/Jul/21 Updated: 14/Jul/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3518] a non required gsh template input is giving an error when blank Created: 13/Jul/21 Updated: 13/Jul/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3505] builder pattern for MembershipFinder() and GroupFinder() should have filter for immediate/effective Created: 23/Jun/21 Updated: 01/Jul/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | 2.5.47 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman (unc.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Using the chained version of MembershipFinder, you can pass in subjects and or groups, but can't filter on immediate/effective memberships. You need to get all the results and then look at each membership. Similarly, chained GroupFinder().assignSubject(subject) can add a subject to find memberships for a subject, but there is no option to filter on immediate/effective |
[GRP-3508] find folders should validate parent stem name Created: 24/Jun/21 Updated: 24/Jun/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
if FIND_BY_PARENT_STEM_NAME query filter is given an invalid parentStemName (e.g. typo in path), it still returns SUCCESS but with an empty string. Is this by design, like a non-matching regexp returning 0 matches successfully? I somehow was expecting an error to be returned due to non-existent stem in the path. this is via WsRestFindStemsRequest by the way |
[GRP-3507] error in ui if added members while viewing audits, should either not have button there or start a session Created: 24/Jun/21 Updated: 24/Jun/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3504] Provisioning entity attribute gives error about missing group DN Created: 22/Jun/21 Updated: 22/Jun/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.5.52 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chad Redman (unc.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | grouper-loader.properties |
Description |
GTE (Grouper training environment) module 201.4 is provisioning an eduPersonEntitlement calculated based on group name. It needs the group to calculate the entitlement value, but is not provisioning the group itself. Validation of the provisioner gives 2 errors: |
[GRP-3503] GSH Templates for existing rules Created: 21/Jun/21 Updated: 21/Jun/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | 2.5.52 |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
The use of Rules could be improved if:
Example: Group: ':etc:Disabled-date_activation_when_added_to_same_group' would be the user's who could run the GSH template that implements this rule for a selected group (input, or when GSH templates can be attached to groups ) https://spaces.at.internet2.edu/display/Grouper/Grouper+rules+use+case+-+Disabled-date+activation+when+added+to+same+group |
[GRP-3501] getName() can return nulls, but the code that call getName() cannot Created: 15/Jun/21 Updated: 15/Jun/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | grouperLoader |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Liam Hoekenga (umich.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
tldr; So the “getName()” method can return a null.And if the thing that is trying to use the value and does not protect against getting a null back then that thing using the null value blows up. ( That is the bug. ) ------------------------------- Carey Black 17 hours ago The docs suggest that that shouldn’t be fatal
yea.. “Returns name or null”… So the “getName()” method can return a null.And if the thing that is trying to use the value and does not protect against getting a null back then that thing using the null value blows up. ( That is the bug. )And your stack trace points right at it. |
Comments |
Comment by Liam Hoekenga (umich.edu) [ 15/Jun/21 ] |
Bad title / description. Should be.. getName() can return nulls, but the code that call getName() cannot handle nulls |
[GRP-3500] subject identifier 0 is stale in sync_member table Created: 10/Jun/21 Updated: 10/Jun/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
if it gets reassigned to another user, it causes problems |
[GRP-3499] add option to delete from "unresolvable subjects" lookup screen Created: 10/Jun/21 Updated: 10/Jun/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Liam Hoekenga (umich.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | usdu2.png |
Description |
Consider adding the option to delete an unresolvable subject from the "unresolvable subject search" interface.
|
[GRP-3138] add filter to usdu ui Created: 11/Feb/21 Updated: 10/Jun/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 1 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | udsu1.png |
Description |
https://app.slack.com/team/U7G7ZS249Liam Hoekenga |
Comments |
Comment by Liam Hoekenga (umich.edu) [ 11/Feb/21 ] |
It would be useful search against the same types of data that the normal search uses (i.e. subject ID, subject identifiers) instead of having to know the UUID. Maybe something like the mocked up image? |
[GRP-3463] Stem should have been created, and was, but still: Problem find stem by name: 'basis:people:roster:class:term-2218:phys:222' Created: 17/May/21 Updated: 04/Jun/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | grouperLoader |
Affects Version/s: | 2.5.50 |
Fix Version/s: | None |
Type: | Bug | Priority: | Major |
Reporter: | Michael J Porter | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified | ||
Environment: |
Grouper 2.5.50, level 3. Several grouper daemon containers running. Incremental loader also running |
Attachments: | g2.txt g.txt |
Description |
A full loader run was triggered for a job of type SQL_GROUP_LIST which could have created the stem, and it appears that an incremental loader was also running which likely did create the stem. Unfortunately, the incremental loader rows have bene deleted. However, by puling the audit log row that shows when the stem was created, and showing the related job logs, it might be possible to suggest that some sort of cache coherency issue is present when a stem is created in one daemon and looked for in another. |
Comments |
Comment by Michael J Porter [ 17/May/21 ] |
I attached file g2.txt which contains the full-ish job log entry for the failing job. The original file has some truncated columns. |
Comment by Chris Hyzer (upenn.edu) [ 26/May/21 ] |
seems like we need to make sure the incremental and full dont run at same time? |
Comment by Michael J Porter [ 04/Jun/21 ] |
Perhaps, but could an error like this also be triggered by a well timed action in the UI? The stack suggests that a lookup was done for a stem, it was not found, and then it tried to create the stem. This then threw a not-unique error because something else created the stem. So, myself, I might just put an error handler in for that error and ignore it. But, I also do not know a a lot (well, anything) about exception handling in Java. |
[GRP-3489] status url should work if logged in as some level of admin (not check source IP). Created: 01/Jun/21 Updated: 01/Jun/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3106] Azure provisioner Unified Groups - support additional extended properties Created: 28/Jan/21 Updated: 17/May/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | daemon |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Erik Coleman (illinois.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
To improve the usability and customizability of groups once they are in Azure AD, it would be great if we could assign additional parameters currently not supported by the connector. Namely these parameters in the Request Body: allowExternalSenders (boolean) allows control of whether people outside the group can email to the group (default behavior is false) autoSubscribeNewMembers (boolean) allows members of the group to be automatically subscribed to get emails (default behavior is false) Interestingly, it appears this can only be called by a subsequent UpdateGroup call: [Update group - Microsoft Graph v1.0 | Microsoft Docs|https://docs.microsoft.com/en-us/graph/api/group-update?view=graph-rest-1.0&tabs=http] Not sure this will work in a CreateGroup call. |
Comments |
Comment by Erik Coleman (illinois.edu) [ 17/May/21 ] |
Microsoft has rolled out additional functionality to support groups being assigned to Azure roles, as documented here: [Use cloud groups to manage role assignments in Azure Active Directory | Microsoft Docs|https://docs.microsoft.com/en-us/azure/active-directory/roles/groups-concept] It would be ideal to support the ability to set the "isAssignableToRole" boolean flag upon group creation. This setting is immutable and set only on group creation. |
[GRP-3460] a callback grouper session block, that starts a session, will not be found in static grouper session Created: 15/May/21 Updated: 15/May/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3457] replace members with unresolvables should give message that wont proceed Created: 10/May/21 Updated: 10/May/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Justin Robinson 2 days ago Chris Hyzer 2 days ago Chris Hyzer 2 days ago Chris Hyzer 2 days ago Justin Robinson 2 days ago Justin Robinson 2 days ago Chris Hyzer 2 days ago Justin Robinson 2 days ago Justin Robinson 2 days ago Justin Robinson 2 days ago Justin Robinson 2 days ago Justin Robinson 2 days ago
Chris Hyzer 2 days ago Justin Robinson 2 days ago Justin Robinson 2 days ago Justin Robinson 5 hours ago Chris Hyzer 3 hours ago Justin Robinson 3 hours ago Justin Robinson 3 hours ago Chris Hyzer 2 hours ago Justin Robinson 2 hours ago Justin Robinson 2 hours ago |
[GRP-3456] add read logs in grouper to ui and ws Created: 10/May/21 Updated: 10/May/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Jeffrey Crawford 3 days ago Chris Hyzer 3 days ago Carey Black 2 days ago Chris Bongaarts (UMN) 1 day ago Chris Bongaarts (UMN) 1 day ago Chris Hyzer 1 day ago Jeffrey Crawford 1 hour ago |
[GRP-3442] compare merge configs across envs Created: 30/Apr/21 Updated: 30/Apr/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Counting on a long list of "click here, type this, then click that..." to make changes in the UI has been the source of subtle inconsistencies in other applications in the past, leading to Production not actually running the thing that was built and tested in non-prod... Trying to avoid that and bake good habits into our workflow as we get up to speed with Grouper and deploy it in our Production environment. Bruce Timberlake 3 days ago Bruce Timberlake 3 days ago Chris Hyzer 3 days ago Chris Hyzer 3 days ago Bruce Timberlake 3 days ago Jonathan Keller 3 days ago Jonathan Keller 3 days ago Jonathan Keller 3 days ago Bruce Timberlake 3 days ago Bruce Timberlake 3 days ago Carey Black 3 days ago Bruce Timberlake 3 days ago Bruce Timberlake 3 days ago Carey Black 3 days ago Bruce Timberlake 3 days ago Carey Black 3 days ago Bruce Timberlake 3 days ago Carey Black 3 days ago Bruce Timberlake 3 days ago Jonathan Keller 3 days ago Carey Black 3 days ago Carey Black 3 days ago Carey Black 3 days ago Bruce Timberlake 3 days ago Carey Black 3 days ago Jonathan Keller 3 days ago Bruce Timberlake 3 days ago Jonathan Keller 3 days ago Carey Black 3 days ago Jonathan Keller 3 days ago Carey Black 3 days ago Jonathan Keller 3 days ago Carey Black 3 days ago Jonathan Keller 3 days ago Jonathan Keller 3 days ago Carey Black 3 days ago Carey Black 3 days ago Jonathan Keller 3 days ago Carey Black 3 days ago Jonathan Keller 3 days ago Jonathan Keller 3 days ago Carey Black 3 days ago Jonathan Keller 3 days ago Jonathan Keller 3 days ago Carey Black 3 days ago Carey Black 3 days ago Jonathan Keller 3 days ago Carey Black 3 days ago Jonathan Keller 3 days ago Carey Black 3 days ago Carey Black 3 days ago Carey Black 3 days ago Jonathan Keller 3 days ago Chris Bongaarts (UMN) 3 days ago Chris Bongaarts (UMN) 3 days ago Chris Hyzer 2 days ago Lacey Vickery 2 days ago Carey Black 2 days ago Carey Black 2 days ago
Chris Bongaarts (UMN) 2 days ago Chris Bongaarts (UMN) 2 days ago Lacey Vickery 2 days ago Carey Black 2 days ago Chris Hyzer 2 days ago Lacey Vickery 2 hours ago |
[GRP-3440] change defaults for marking provisionable Created: 29/Apr/21 Updated: 29/Apr/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3410] other input’s available for replacement in the SQL string Created: 23/Apr/21 Updated: 28/Apr/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API, UI, WS |
Affects Version/s: | 2.4.48 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 1 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Are any other input’s available for replacement in the SQL string? It would be interesting/useful to be able to show the use a list of “objects in the folder” ( object type could be driven by the structure/hard coded in the SQL or maybe by a previous input the user selected. ) A list of groups that start with user supplied string “good”( gsh_input_group_prefix ) SQL of next input could be something like: Exact SQL var syntax open to the whims of the project. |
Comments |
Comment by Erik Coleman (illinois.edu) [ 28/Apr/21 ] |
This would be useful if applicable to both SQL Loader jobs, as well as the SQL Table Sync! |
[GRP-3434] override dn of group in ldap provisioning Created: 28/Apr/21 Updated: 28/Apr/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3423] do not allow stems with same name (case insensitive) by default Created: 26/Apr/21 Updated: 27/Apr/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | 2.5.48 |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
This includes name, display name, and alternate name. If you want to have stems with same name case-insensitive, set this in grouper.properties
To see if you have two stems with same name, run this query
|
[GRP-3412] recentMembership jobs should not be subject to FailSafe logic Created: 24/Apr/21 Updated: 24/Apr/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API, daemon |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Major |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
It took several hours to sort out what was going on with a recent membership job failing. One part was a local data condition.
I think that is a bug. recentMembership jobs should be "reliable enough" (based on all the data being in/from Grouper) to not "get it wrong".
|
[GRP-3411] GSH templates ( UI ) should support an input type of "Subject picker" Created: 23/Apr/21 Updated: 23/Apr/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.5.48 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 1 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
It would be useful to be able to find subjects in user process of completing a GSH template. Reusing the existing search features of the UI for "Add Members" "Member name or ID:" searches would be good. Using the "search for an entity" UI might be better. |
[GRP-3409] when adding a group (e.g. with app template) do we need two audits, one for add one for edit?) Created: 23/Apr/21 Updated: 23/Apr/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | image-2021-04-23-12-32-17-030.png |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 23/Apr/21 ] |
|
[GRP-3406] clear out error codes in sync provisioning objects before printing in logs or diagnostics Created: 21/Apr/21 Updated: 21/Apr/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3407] if the ldap provisioning group name in groupAttributes is not translated, but has a group link, it should copy from the sync table Created: 21/Apr/21 Updated: 21/Apr/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3405] provisioning only validate fields for update during update, insert during insert Created: 21/Apr/21 Updated: 21/Apr/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-2827] members tab from group screen doesnt work when editing reports Created: 26/May/20 Updated: 21/Apr/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 1 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3403] keep a bad subject log Created: 21/Apr/21 Updated: 21/Apr/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Carey Black 2 hours ago |
[GRP-3401] grouper should not allow same object type with same case insensitive name by default Created: 19/Apr/21 Updated: 19/Apr/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | 2.5.48 |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 19/Apr/21 ] |
When provisioning to certain target systems (e.g. LDAP) there are case-sensitivity issues. Grouper is planning to simplify those issues by: |
[GRP-3399] auto-configure an ldap external system test by finding the username (object scope) Created: 18/Apr/21 Updated: 18/Apr/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3392] show pre-template errors on screen in gsh template if configured to show Created: 16/Apr/21 Updated: 16/Apr/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
e.g. a bad regex
|
[GRP-3389] save group (and stem?) should set parent display extensions if creating them Created: 15/Apr/21 Updated: 15/Apr/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 1 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
|
Comments |
Comment by Chris Hyzer (upenn.edu) [ 15/Apr/21 ] | ||
this might work WsGroupToSave.java
|
[GRP-3388] add ability to have dynamic values for gsh template inputs Created: 15/Apr/21 Updated: 15/Apr/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
e.g. a jexl script |
[GRP-3387] create a function with url to compare two groups Created: 15/Apr/21 Updated: 15/Apr/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Report: Members in both A and B. ( An intersection composite of A and B. ) members in xor (a or b but not both) |
[GRP-3386] add exclusive or composite type Created: 15/Apr/21 Updated: 15/Apr/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3372] add ability to call a gsh template from another template and consolidate output Created: 14/Apr/21 Updated: 14/Apr/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3370] add ability to have conditional attestation via script Created: 13/Apr/21 Updated: 13/Apr/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
e.g. check to see if any of the manual groups have members. If not, then set the date automatically? |
[GRP-3369] if you edit a value in the config editor it should use the unprocessed value Created: 12/Apr/21 Updated: 12/Apr/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
test this with a double dollar value that references something else |
[GRP-3367] CompositeSave should allow "minus" and other words in addition to current words Created: 12/Apr/21 Updated: 12/Apr/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3366] CompositeSave chaining class should take groups in addition to group names Created: 12/Apr/21 Updated: 12/Apr/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3364] recent activity should escape html (e.g. edit externalized text) Created: 09/Apr/21 Updated: 09/Apr/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-2903] Misc --> "All daemon jobs" filter option: List/sort jobs by "current/next run time" Created: 28/Jul/20 Updated: 08/Apr/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
It would be useful to be able to see/find gaps in when jobs run. This can be helpful to: find "windows of time" to shutdown the daemon without interrupting jobs. And to verify the order that the jobs will be running. ( A human might notice a missing job in the list/sequence, or see "conflicts" between jobs too. )
If there was an option to only show "running jobs" and the next 5 jobs that will "start next" would also be a useful way to think/work with this idea too. |
Comments |
Comment by Carey Black (osu.edu) [ 08/Apr/21 ] |
to only show "running jobs" <-- would be helpful to diagnose conditions like a loader process that dumped a lot of events on the system and other processes are chewing through the backlog of events.... |
[GRP-3355] Provide the specify the DN of a target LDAP group in the provisioner configuration Created: 07/Apr/21 Updated: 07/Apr/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Liam Hoekenga (umich.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
We have the need to tie existing target LDAP groups to grouper groups. A conversation with Chris and Shilen suggested that maybe an option could be added to the per-group provisioning options allowing the admin to specify / override the group's DN. |
Comments |
Comment by Liam Hoekenga (umich.edu) [ 07/Apr/21 ] |
"...have a built-in option for a provisionable metadata to override the DN..." |
[GRP-3354] offer "skeletal" grouper provisioner project Created: 07/Apr/21 Updated: 07/Apr/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Liam Hoekenga (umich.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
It would be helpful if there were a skeleton of a grouper provisioner that institutions could use a basis to implement new provisioners. Maybe an eclipse / maven project that could be imported into and IDE?
|
Comments |
Comment by Liam Hoekenga (umich.edu) [ 07/Apr/21 ] |
Carey Black (via slack): Any of the existing ones could be used as a pattern/starting point. |
[GRP-3344] alphabetize template list Created: 04/Apr/21 Updated: 04/Apr/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | image-2021-04-04-01-23-30-771.png |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 04/Apr/21 ] |
|
[GRP-3343] check to see if a deleted config is in a config file and give a more accurate message Created: 03/Apr/21 Updated: 03/Apr/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Success: the property 'mail.from.address' was deleted from the database. Note, there still might be a configuration in a config file. |
[GRP-3341] email addresses label should be bold in attestation Created: 03/Apr/21 Updated: 03/Apr/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | image-2021-04-03-11-46-14-006.png |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 03/Apr/21 ] |
|
[GRP-3326] object type daemon needs to be quicker Created: 30/Mar/21 Updated: 02/Apr/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Vivek Sachdeva (google.com) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Shilen will test on large database. GrouperProvisioningService.propagateProvisioningAttributes() pass in what to check (from full or incremental) Incremental from GrouperProvisioningLogicIncremental GrouperProvisionerGrouperDao has queries ? What if PIT not there? ? Do we need to change the "doProvision" equivalent
Full: OTHER_JOB_grouperObjectTypeDaemon
In the finder methods, we can make a generic query to get all attributes (check one name value pair?) Make AttributeAssignOnAssignFinder with generic methods Take out current method on group create etc. FULL
|
[GRP-3337] will compositeng rule remove a group is not employee (should ignore) Created: 02/Apr/21 Updated: 02/Apr/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3336] folder attestation validation (e.g. no email address) navigates away from form Created: 02/Apr/21 Updated: 02/Apr/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | image-2021-04-02-10-22-48-918.png |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 02/Apr/21 ] |
|
[GRP-3335] get memberships json rest sample should have memberships in result (its blank) Created: 02/Apr/21 Updated: 02/Apr/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
|
[GRP-3334] allowedToUse configs show up in "remaining config" on config UI Created: 01/Apr/21 Updated: 01/Apr/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | image-2021-04-01-11-33-56-050.png |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 01/Apr/21 ] | |||||||||
| |||||||||
Comment by Chris Hyzer (upenn.edu) [ 01/Apr/21 ] | |||||||||
grouper.properties
|
[GRP-3333] update LDAP setting descriptions in the "external systems" UI Created: 31/Mar/21 Updated: 31/Mar/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.5.47 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Liam Hoekenga (umich.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
The description for each of Batch Size, Count Limit, Time Limit, and Timeout is.. "optional (note, time limit is for search operations, timeout is for connection timeouts), most of these default to ldaptive defaults. times are in millis"
I think it would be more helpful to describe what each of those limits are for (and house batch size / count limit are different than "paged result size") |
[GRP-3330] validate various azure provisioning constraints Created: 30/Mar/21 Updated: 30/Mar/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
displayName is required displayName must be less than 256 description must be less than 1024 mailEnabled is required mailNickname is required displayName must be less than 64 securityEnabled is required |
[GRP-3322] Cannot remove jobs from daemon jobs screen Created: 29/Mar/21 Updated: 29/Mar/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.5.46 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Liam Hoekenga (umich.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Jobs removed via the daemon jobs UI don't stay removed. They reappear. |
[GRP-1737] Allow daemon jobs to be scheduled on different hosts Created: 19/Apr/18 Updated: 25/Mar/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | grouperLoader |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Shilen Patel (duke.edu) | Assignee: | Shilen Patel (duke.edu) |
Resolution: | Unresolved | Votes: | 2 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Something else and not quartz
|
Comments |
Comment by Chris Hyzer (upenn.edu) [ 25/Mar/21 ] |
[GRP-3292] take out template run submit button when it is running (so not clicked twice) Created: 22/Mar/21 Updated: 22/Mar/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
put back if there is a validation problem |
[GRP-3291] add filter to membership screen for PIT, search for people who were added after a certain date Created: 22/Mar/21 Updated: 22/Mar/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 2 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3290] filter out success gsh template messages if rolled back and not success Created: 22/Mar/21 Updated: 22/Mar/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3288] add button to print out script header in GSH template Created: 22/Mar/21 Updated: 22/Mar/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3287] labels should be bold like other screens in template input screen Created: 22/Mar/21 Updated: 22/Mar/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3286] add template name to "running template" progress screen Created: 22/Mar/21 Updated: 22/Mar/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3285] gsh template screen should show template name, and link to stem Created: 22/Mar/21 Updated: 22/Mar/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3284] add validation on gsh template inputs, cannot have same name Created: 22/Mar/21 Updated: 22/Mar/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3263] cannot assign end date on attribute def priv assigned to a group. Created: 18/Mar/21 Updated: 18/Mar/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
it navigates to the group membership screen for the group and gives this exception
Error: edu.internet2.middleware.grouper.exception.MemberAddException: membership cannot be circular, Exception in save: edu.internet2.middleware.grouper.Membership, edu.internet2.middleware.grouper.hibernate.ByObject@1945de94, Problem in HibernateSession: HibernateSession (5ac82fdb): notNew, notReadonly, READ_WRITE_NEW, activeTransaction, session (2afb55d2), Exception in save: edu.internet2.middleware.grouper.Membership, ByObjectStatic, query: ', cacheable: null, cacheRegion: null, entityName: ImmediateMembershipEntry, tx type: null, membership: group: test:testGroup, subject: 6582e92034274fa4a6277697f694618e, field: members, uuid: null, startDate: 2021-04-01 00:00:00.0, endDate: null, , group name: test:testGroup, subject: Subject id: 6582e92034274fa4a6277697f694618e, sourceId: g:gsa, field: members, Problem in HibernateSession: HibernateSession (6638c612): notNew, notReadonly, READ_WRITE_NEW, activeTransaction, session (2afb55d2), Problem in HibernateSession: HibernateSession (450febca): notNew, notReadonly, READ_WRITE_NEW, activeTransaction, session (2afb55d2), Problem in HibernateSession: HibernateSession (2a3eed0b): new, notReadonly, READ_WRITE_NEW, notActiveTransaction, session (2afb55d2), Problem calling method saveMembership on edu.internet2.middleware.grouper.grouperUi.serviceLogic.UiV2Membership |
[GRP-3262] grouper report should make sure unique name Created: 18/Mar/21 Updated: 18/Mar/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Enter a name without a date in it and let it run a bit
2021-03-18 04:23:00,089: [DefaultQuartzScheduler_Worker-5] ERROR GrouperReportLogic.runReport(133) - - Error occurred generating report for config name sdfgfs2021-03-18 04:23:00,089: [DefaultQuartzScheduler_Worker-5] ERROR GrouperReportLogic.runReport(133) - - Error occurred generating report for config name sdfgfsedu.internet2.middleware.grouper.internal.dao.GrouperDAOException: Problem in HibernateSession: HibernateSession (3af17271): new, notReadonly, READ_WRITE_NEW, notActiveTransaction, session (611f3ca),Exception in saveOrUpdate: edu.internet2.middleware.grouper.file.GrouperFile, ByObjectStatic, query: ', cacheable: null, cacheRegion: null, entityName: null, tx type: null at edu.internet2.middleware.grouper.hibernate.HibernateSession._internal_hibernateSessionCatch(HibernateSession.java:591) at edu.internet2.middleware.grouper.hibernate.HibernateSession.callbackHibernateSession(HibernateSession.java:713) at edu.internet2.middleware.grouper.hibernate.ByObjectStatic.saveOrUpdate(ByObjectStatic.java:363) at edu.internet2.middleware.grouper.internal.dao.hib3.Hib3GrouperFileDAO.saveOrUpdate(Hib3GrouperFileDAO.java:38) at edu.internet2.middleware.grouper.app.reports.GrouperReportLogic.runReport(GrouperReportLogic.java:123) at edu.internet2.middleware.grouper.app.reports.GrouperReportJob.runJob(GrouperReportJob.java:122) at edu.internet2.middleware.grouper.app.reports.GrouperReportJob.execute(GrouperReportJob.java:45) at org.quartz.core.JobRunShell.run(JobRunShell.java:202) at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573)Caused by: org.hibernate.exception.ConstraintViolationException: could not execute batch,Exception in save: edu.internet2.middleware.grouper.file.GrouperFile, edu.internet2.middleware.grouper.hibernate.ByObject@6ecfbd24 at org.hibernate.exception.internal.SQLStateConversionDelegate.convert(SQLStateConversionDelegate.java:112) at org.hibernate.exception.internal.StandardSQLExceptionConverter.convert(StandardSQLExceptionConverter.java:42) at org.hibernate.engine.jdbc.spi.SqlExceptionHelper.convert(SqlExceptionHelper.java:109) at org.hibernate.engine.jdbc.batch.internal.BatchingBatch.performExecution(BatchingBatch.java:119) at org.hibernate.engine.jdbc.batch.internal.BatchingBatch.doExecuteBatch(BatchingBatch.java:97) at org.hibernate.engine.jdbc.batch.internal.AbstractBatchImpl.execute(AbstractBatchImpl.java:147) at org.hibernate.engine.jdbc.internal.JdbcCoordinatorImpl.executeBatch(JdbcCoordinatorImpl.java:214) at org.hibernate.engine.spi.ActionQueue.executeActions(ActionQueue.java:611) at org.hibernate.engine.spi.ActionQueue.executeActions(ActionQueue.java:456) at org.hibernate.event.internal.AbstractFlushingEventListener.performExecutions(AbstractFlushingEventListener.java:337) at
org.hibernate.event.internal.DefaultFlushEventListener.onFlush(DefaultFlushEventListener.java:39) at org.hibernate.internal.SessionImpl.flush(SessionImpl.java:1282) at edu.internet2.middleware.grouper.hibernate.ByObject.saveOrUpdate(ByObject.java:395) at edu.internet2.middleware.grouper.hibernate.ByObjectStatic$5.callback(ByObjectStatic.java:376) at edu.internet2.middleware.grouper.hibernate.HibernateSession.callbackHibernateSession(HibernateSession.java:703) ... 7 moreCaused by: java.sql.BatchUpdateException: integrity constraint violation: unique constraint or index violation: GRPFILE_UNIQUE_IDX at org.hsqldb.jdbc.JDBCPreparedStatement.executeBatch(Unknown Source) at com.mchange.v2.c3p0.impl.NewProxyPreparedStatement.executeBatch(NewProxyPreparedStatement.java:2544) at org.hibernate.engine.jdbc.batch.internal.BatchingBatch.performExecution(BatchingBatch.java:110) ... 18 more2021-03-18 04:23:04,018: [DefaultQuartzScheduler_Worker-7] DEBUG EsbConsumer.processChangeLogEntries(550) - - type: consumer, finalLog: false, state: done, consumerName: recentMemberships, totalCount: 4, currentSequenceNumber: null, publisherClass: edu.internet2.middleware.grouper.app.serviceLifecycle.GrouperRecentMembershipsChangeLogConsumer, tookMillis: 1 |
[GRP-3255] Support for RFC4373 "Bulk Update / Replication Protocol" (LBURP) Created: 17/Mar/21 Updated: 17/Mar/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Story | Priority: | Minor |
Reporter: | Liam Hoekenga (umich.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
https://tools.ietf.org/html/rfc4373 "The Lightweight Directory Access Protocol (LDAP) Bulk Update/Replication Protocol (LBURP) allows an LDAP client to perform a bulk update to an LDAP server." It's supported by eDirectory. I don't know what (if anything) else supports it. |
[GRP-3249] refactor validation in provisioning Created: 17/Mar/21 Updated: 17/Mar/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
make sure all validations are called in diagnostics and UI. validate that group UI to require entities exists |
[GRP-3246] add external system to diagnostics Created: 16/Mar/21 Updated: 16/Mar/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | 2.5.45 |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3245] add entity to select to diagnostics Created: 16/Mar/21 Updated: 16/Mar/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | 2.5.45 |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3235] object type assignment can cause rule issues Created: 13/Mar/21 Updated: 13/Mar/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | grouperJiraObjectType.txt |
[GRP-3232] config overrides and threadlocal overrides should be able to override a non ELconfig if the base file has ELconfig Created: 12/Mar/21 Updated: 12/Mar/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
it searches all files for ELconfig first! It should look in each file for either EL config or normal config first |
[GRP-3231] should not need a stem lookup to create a stem via WS Created: 12/Mar/21 Updated: 12/Mar/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
look that up from the stem to save...
|
Comments |
Comment by Chris Hyzer (upenn.edu) [ 12/Mar/21 ] | ||
|
[GRP-3228] add root managers group which can read/update all Created: 11/Mar/21 Updated: 11/Mar/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-1575] Attestation view/approve inaccessible for non-wheel users Created: 10/Jul/17 Updated: 10/Mar/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.3.0.patch |
Fix Version/s: | None |
Type: | Bug | Priority: | Major |
Reporter: | Chad Redman (unc.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
From: Redman, Chad We just had our first user get an attestation recertification email, and when they tried to certify, they reported back an error: "etc:attribute:attestation:attestation attribute doesn't exist". The user actually wasn't an admin for the group, but got the email because the address was explicitly set in the Email addresses field. However, in my testing using a non-wheel account, being an admin for the group is not enough. When I gave my non-wheel user admin privileges, I could reproduce the same error. The only way I could get attestation to work was to grant the user read/update on etc:attribute:attestation:attestationDef and etc:attribute:attestation:attestationValueDef. But this is not desirable, as it now allows the user to edit attestation for any group. Am I looking at this the wrong way? Thanks! |
Comments |
Comment by cer28 [ 02/Aug/17 ] |
The users were waiting on a fix for this, so I debugged the source code to figure out exactly what was needed for a regular user to view the attestation or mark it as Reviewed. To view the attestation page: 1) User needs to have Read on etc:attribute:attestation:attestationDef Note that the button to mark it as reviewed shows up for these users, even though they don't have the update privilege that would make it work. They just get a user-unfriendly message about no access to the attribute definition. Checking for the correct permissions before showing the button would be helpful here. To be able to mark the group as Reviewed: 1) User needs to have Read and Update on etc:attribute:attestation:attestationDef To simplify configuration slightly, we created a Readers group and an Updaters group, instead of granting individual permissions to the attribute definitions in etc:attribute. Any users who would be doing any kind of attestation work would be put into one of these groups. It's possible that it's safe to make access to the attribute definitions public, as you can only read or edit groups where you have attribute read/update anyway. We were just playing it safe there for now. |
Comment by Carey Black (osu.edu) [ 10/Mar/21 ] |
The details appear to be different in 2.5.39. Without UPDATE privileges the user can view the attestation information, but not mark the group as attested. Maybe this could be closed?
Might also be related:
|
[GRP-3217] gsh template view details throws exception Created: 05/Mar/21 Updated: 05/Mar/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Vivek Sachdeva (google.com) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3216] gsh template jexl validations should use the value variable with same type as input type Created: 05/Mar/21 Updated: 05/Mar/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Vivek Sachdeva (google.com) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3213] During a bulk import ( from the UI/WS ) to group(s) that are loaded by a loader job the loader job should "wait/skip the group" until the import is complete. Created: 04/Mar/21 Updated: 04/Mar/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API, daemon, UI |
Affects Version/s: | 2.5.39 |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
If a user is manually updating a group that is normally loaded via a loader with the "Import function" the loader job should "avoid conflicting" with the change the human/WS is making. I found this while trying to manually correct a group that the loader was not updating due to failsafe limits. I exported the correct current list and imported a file with "Replace existing members?" selected. However during the process the loader job also started "correcting the group" too. So some of my changes became errors in the UI. It would be good to avoid the user confusion and to generally allow the "Human to win". |
[GRP-3212] provisioning metadata booleans should be radios Created: 04/Mar/21 Updated: 04/Mar/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Vivek Sachdeva (google.com) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3211] use protocol for getting SSL certs in container Created: 04/Mar/21 Updated: 04/Mar/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Michael Gettes 12 hours ago
Michael Gettes 12 hours ago Chris Hubing 11 hours ago Michael Gettes 11 hours ago Chris Hubing 11 hours ago Michael Gettes 11 hours ago |
[GRP-3210] Migrate existing subject sources to subject source templates Created: 03/Mar/21 Updated: 03/Mar/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Vivek Sachdeva (google.com) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
look for subject source in other configs and develop plan, in subject properties and not source-specific, get a handle on what’s out there |
[GRP-3209] make the list of breadcrumb right clickable in the UI to the parts of the folder structure they are for. Created: 03/Mar/21 Updated: 03/Mar/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.5.43 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
When you view a group or a stem in the UI the breadcrum links only work if you "left click" on them. Please support right click and "open in a new tab". NOTE: This could be generalized to a request for all "links" too. |
[GRP-3203] subject source wizard attribute format to lower case should default false instead of no default Created: 02/Mar/21 Updated: 02/Mar/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3201] change attestation in UI to use the attestation save method chained classes Created: 02/Mar/21 Updated: 02/Mar/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3199] allow new composite on group which only has members with delete date Created: 01/Mar/21 Updated: 01/Mar/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3197] folder copy (and maybe group copy) has error (maybe with inherited privs) Created: 01/Mar/21 Updated: 01/Mar/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | image-2021-03-01-11-49-29-969.png |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 01/Mar/21 ] | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
copy privs
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Comment by Chris Hyzer (upenn.edu) [ 01/Mar/21 ] | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Comment by Chris Hyzer (upenn.edu) [ 01/Mar/21 ] | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
[GRP-3196] folder copy is not copying groups Created: 01/Mar/21 Updated: 01/Mar/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | image-2021-03-01-11-46-38-723.png image-2021-03-01-11-47-43-346.png image-2021-03-01-11-48-26-777.png |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 01/Mar/21 ] |
heres a folder
|
Comment by Chris Hyzer (upenn.edu) [ 01/Mar/21 ] |
copy
|
Comment by Chris Hyzer (upenn.edu) [ 01/Mar/21 ] |
groups arent there
|
[GRP-3194] config id must be checked on screen where it is entered Created: 01/Mar/21 Updated: 01/Mar/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Vivek Sachdeva (google.com) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | image-2021-03-01-02-38-21-939.png |
[GRP-3173] write large daemon logs to grouper_loader_log and be able to download Created: 26/Feb/21 Updated: 27/Feb/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3177] allow provisionable assignments even if provisioner is not valid. or give good error message Created: 27/Feb/21 Updated: 27/Feb/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3176] Help link page text out of date with UI Created: 26/Feb/21 Updated: 26/Feb/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | David Malia | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 1 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | helplink.png outdated wording.png |
Description |
So I'm finally getting around to upgrading from grouper 2.3, and noticed this in grouper 2.4, and see it still exists in grouper 2.5 looking at the grouperdemo site.
The help link is useful, but it looks like the text is left over from the old Admin UI, and could confuse new users of Grouper. Example: Grouper end-to-end secenarios
That doesn't exist in the current GUI. "Explore" doesn't exist in the current GUI. "Group workspace" doesn't exist in the current GUI., "Entity workspace" doesn't exist either. I'm sure someone proof reading it, can find some other inconsistencies. Could it be added to the todo list to update the text to match the current GUI?
|
[GRP-3175] add inherited privileges to WS Created: 26/Feb/21 Updated: 26/Feb/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3166] change container env vars to have GROUPER_ prefix: ENV and USERTOKEN Created: 24/Feb/21 Updated: 24/Feb/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
will be backwards compatible |
[GRP-3165] rules dont fire when enabled/disabled changes Created: 24/Feb/21 Updated: 24/Feb/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Rules question! I have a rule that is supposed to add a user to group B when they're removed from group A. Works great when I manually remove a user from Group A through UI, but it is NOT triggering when a dated membership expires in Group A. Any ideas? Does the ruleCheckType need to be different?
Also look at flattened... |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 24/Feb/21 ] |
From Brett |
[GRP-3161] add url examples in database external system, or a url builder Created: 22/Feb/21 Updated: 22/Feb/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 22/Feb/21 ] |
database driver should not be required |
[GRP-3137] attestation email content (body) should be able to include more details about the group and/or memberships Created: 11/Feb/21 Updated: 21/Feb/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | 2.5.40 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 2 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
It has been requested that group descriptions could be included in the attestation emails. However, it also would also be useful to support including meta data ( attribute Framework ) values on groups and/or Memberships too. Having a flexible way to configure ( using templates with a set of known objects being passed into the template ) would be much more ideal. Some of the membership details that have been discussed are:
|
Comments |
Comment by Chad Redman (unc.edu) [ 19/Feb/21 ] | |||||
The attestation emails current just enumerate the group/stem items. Do you mean these emails should now list membership data for them? What would you want it to look like? We could add description and group name (the row in the email is using display name). Would member count, last attested date and attested by who be useful? There also isn't a template for the rows; it's just hardcoded to:
| |||||
Comment by Carey Black (osu.edu) [ 21/Feb/21 ] | |||||
Ideally the subject and body would be "template driven" and local deployers could modify the contents. Also being able to control the "count limits", and what would happen when those limits are exceeded, would also be useful too. Having the attestations objects (list of stems, list of groups) available to the global template would allow local modifications to the default emails. Having object level "single object" templates would also allow for end user control of formatting by object too. Being able to use attributes on the objects would also allow for inclusion of other custom data for the objects too. Adding the full text of the descriptions for the stems/groups in the list was one specific ask from my users. |
[GRP-3155] config view should show value of EL (not for password) Created: 18/Feb/21 Updated: 18/Feb/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | image-2021-02-18-13-55-42-440.png |
[GRP-3154] add provisioner option to log errors Created: 18/Feb/21 Updated: 18/Feb/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
log the first few errors every time? |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 18/Feb/21 ] |
dont mark job as success if fatal errors |
Comment by Chris Hyzer (upenn.edu) [ 18/Feb/21 ] |
dont print errors in logs for sync objects (red herring) |
[GRP-3150] when looking at provisioner, have edit button (other buttons too?) Created: 15/Feb/21 Updated: 15/Feb/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3149] entity group link error should not appear Created: 15/Feb/21 Updated: 15/Feb/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Hey - are you around? 2.5.42 is giving me a new error message? |
[GRP-3147] allow loader queries to be longer than 4k Created: 13/Feb/21 Updated: 13/Feb/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3144] subject wizard ldap search subject scope has one option Created: 12/Feb/21 Updated: 12/Feb/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3143] provisioning metadata should not be assigned if no metadata there Created: 12/Feb/21 Updated: 12/Feb/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
CC: |
Shilen Patel (duke.edu)
|
Description |
|
[GRP-3142] deleting an incremental daemon doesnt delete that daemon Created: 12/Feb/21 Updated: 12/Feb/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3141] if you edit a provisioning daemon config it doesnt show the provisioner config id Created: 12/Feb/21 Updated: 12/Feb/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3140] grouper instrumentation needs to clear out old server names Created: 11/Feb/21 Updated: 11/Feb/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | image-2021-02-11-14-58-24-045.png |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 11/Feb/21 ] |
|
[GRP-3139] ability to “run loader diagnostics” processes in a CI/CD pipeline Created: 11/Feb/21 Updated: 11/Feb/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API |
Affects Version/s: | 2.5.40 |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
If the loader diagnostics could be run from GSH then a CI/CD pipeline could kick of a GSH script and look for SUCCESS/FAILURE conditions.
Slack thread: |
[GRP-3135] Better error message for users not allowed to login to Grouper UI Created: 11/Feb/21 Updated: 11/Feb/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Olivier Salaün | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified | ||
Environment: |
Grouper 2.4 |
Description |
We configured Grouper-UI to borbid access to the GUI unless user is member of a "uiAllow" group:
However when a user tries to login, though he's not listed in the uaAllow group he gets a very generic error message:
Wouldn't it make sense to have a better error message in this case? |
[GRP-3132] attributes where subject has attribute_read should not see it in the results of the combobox while finding attributes to assign Created: 10/Feb/21 Updated: 10/Feb/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3131] folder privs should not show inherited attribute read/update if subject has create Created: 10/Feb/21 Updated: 10/Feb/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3129] view provisioning on subject throws grouper session error Created: 09/Feb/21 Updated: 09/Feb/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Error: There is no open GrouperSession detected. Make sure to start a grouper session (e.g. GrouperSession.startRootSession() if you want to use a root session ) before calling this method, Problem calling method viewProvisioningOnSubject on edu.internet2.middleware.grouper.grouperUi.serviceLogic.UiV2Provisioning |
[GRP-3098] Ability to limit provisioning to specific targets by group for UI Created: 22/Jan/21 Updated: 08/Feb/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Erik Coleman (illinois.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 1 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
We have apps that are multi-campus, and many that are not. We would like to prevent some apps from setting up a provisioning target to the "wrong" campus. For example, if I have an LDAP target called "Urbana", I would like to only allow the ability to provision to that target from a special group of admins. Multi-campus app admins might have access to multiple targets and that's OK. I sort of do that now by only permitting a group to have access to the "etc:pspng:provision_to" attribute, however I cannot limit the values that are input so it's "all or nothing". I'm hoping the new provisioning framework could provide a level of access control, not only to provision at all, but to only allow certain targets. |
[GRP-3124] Ability to limit provisioning to specific targets by group for WS Created: 08/Feb/21 Updated: 08/Feb/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Erik Coleman (illinois.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
We have apps that are multi-campus, and many that are not. We would like to prevent some apps from setting up a provisioning target to the "wrong" campus. For example, if I have an LDAP target called "Urbana", I would like to only allow the ability to provision to that target from a special group of admins. Multi-campus app admins might have access to multiple targets and that's OK. I sort of do that now by only permitting a group to have access to the "etc:pspng:provision_to" attribute, however I cannot limit the values that are input so it's "all or nothing". I'm hoping the new provisioning framework could provide a level of access control, not only to provision at all, but to only allow certain targets. |
[GRP-3122] provisioning incrementals finds multiple subjects with same matching id, but they are the same Created: 08/Feb/21 Updated: 08/Feb/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | 2.5.42 |
Type: | Bug | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
10. Entity(matchingId: "yrewini", attr[uid]: "yrewini") |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 08/Feb/21 ] |
Why do multiple entities have the same matching id??? |
[GRP-3121] Duo integration does not support more than one Duo environment ( sub account nor multiple accounts ) in configuration structure Created: 08/Feb/21 Updated: 08/Feb/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 1 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Duo CLC integration uses "fixed global" configuration keys ( java.properties ) to configure the Duo environment. It would be better if a single Grouper environment could support N Duo environments. |
[GRP-1747] Group 2.3 Function (UI button) --> View Audit Log SQL timeout Created: 27/Apr/18 Updated: 05/Feb/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.3.0 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 3 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Chris,
I can inform you that for my search dropping the audit type id produced one more row being returned. "Added attribute assignment"
So as long as the UI can display a row like that. ( or the other audit type id values) then I think that is a good solution. Seeing when attributes are assigned (and which was assigned) would seem like a good thing to see too. – Carey Matthew Black.123@osu.edu
(EDIT: I forgot to explicitly say: * The query performed well. ( < 1 second ) * )
---- From: Hyzer, Chris <mchyzer@isc.upenn.edu> Sent: Friday, April 20, 2018 4:27 PM To: Black, Carey M. <black.123@osu.edu>; Subject: RE: Group 2.3 Function (UI button) --> View Audit Log SQL timeout
Add a jira please, when searching for uuids we don't need use audit_type_id at all, unless someone wants to debate that with me This will be a quick fix...
Can you see if the query is fast without audit type id?
WHERE ( this_.string04 = '3574b587e41b46f19c2787ade9ab09ca' OR this_.string02 = '3574b587e41b46f19c2787ade9ab09ca' OR this_.string01 = '3574b587e41b46f19c2787ade9ab09ca' OR this_.string06 = '3574b587e41b46f19c2787ade9ab09ca' OR this_.string03 = '3574b587e41b46f19c2787ade9ab09ca')
Thanks! Chris
---- From: Black, Carey M. Sent: Friday, April 20, 2018 4:01 PM Subject: [grouper-core] Group 2.3 Function (UI button) --> View Audit Log SQL timeout
I think this is a bug / enchantment request. So let me describe what I see and what I think I know....
Env: Grouper 2.3 on MariaDb ( Version: '10.2.14-MariaDB-log') Special note: " There is one other thing that might be of interest - it has a custom setting of optimizer_search_depth=0" REF: https://mariadb.com/resources/blog/setting-optimizer-search-depth-mysql However I don't think that setting is causing the issue. grouper_audit_entry ( table) has 48 M rows right now. ( not even a full years' worth of an audit.)
When I use the UI, view a group and use the Function (UI button) --> View Audit Log The UI "hangs"... and eventually "times out".
I dropped down to the DB and watched the "process list" and was able to capture the SQL that was running. When I run that SQL "by hand" ... it takes... forever... ( I have not actually waited long enough for it to finish... But I have waited for an hour...)
However, I spoke with a more knowledgeable "not a DBA" person about the query and they suggested something interesting to try... and the query dropped to less than a second to finish!
Grouper generated SQL (formatted for readability instead of a single very long line...) " SELECT this_.id AS id1_10_0_, this_.hibernate_version_number AS hibernat2_10_0_, this_.act_as_member_id AS act_as_m3_10_0_, this_.audit_type_id AS audit_ty4_10_0_, this_.context_id AS context_5_10_0_, this_.created_on AS created_6_10_0_, this_.description AS descript7_10_0_, this_.env_name AS env_name8_10_0_, this_.grouper_engine AS grouper_9_10_0_, this_.grouper_version AS grouper10_10_0_, this_.int01 AS int11_10_0_, this_.int02 AS int12_10_0_, this_.int03 AS int13_10_0_, this_.int04 AS int14_10_0_, this_.int05 AS int15_10_0_, this_.last_updated AS last_up16_10_0_, this_.logged_in_member_id AS logged_17_10_0_, this_.server_host AS server_18_10_0_, this_.string01 AS string19_10_0_, this_.string02 AS string20_10_0_, this_.string03 AS string21_10_0_, this_.string04 AS string22_10_0_, this_.string05 AS string23_10_0_, this_.string06 AS string24_10_0_, this_.string07 AS string25_10_0_, this_.string08 AS string26_10_0_, this_.duration_microseconds AS duratio27_10_0_, this_.query_count AS query_c28_10_0_, this_.user_ip_address AS user_ip29_10_0_, this_.server_user_name AS server_30_10_0_ FROM grouper_audit_entry this_ WHERE ( ( this_.audit_type_id = 'b51cc1fa35e74e9c91042c2b77951695' AND this_.string04 = '3574b587e41b46f19c2787ade9ab09ca' ) OR ( this_.audit_type_id = '43c9e640be604bfcbe3501a094329381' AND this_.string02 = '3574b587e41b46f19c2787ade9ab09ca' ) OR ( this_.audit_type_id = 'd743e9e2cf484f909707f45e692a7143' AND this_.string02 = '3574b587e41b46f19c2787ade9ab09ca' ) OR ( this_.audit_type_id = 'c84718a7d6ed486a8ec729119a414e48' AND this_.string01 = '3574b587e41b46f19c2787ade9ab09ca' ) OR ( this_.audit_type_id = '6850d73f0cdc4b769e738df4321c1c7c' AND this_.string04 = '3574b587e41b46f19c2787ade9ab09ca' ) OR ( this_.audit_type_id = '7d1806d5d17f46ecb222901ad6f2bcde' AND this_.string02 = '3574b587e41b46f19c2787ade9ab09ca' ) OR ( this_.audit_type_id = 'c9d6606c5cc34e93aca63c7673bf3db7' AND this_.string04 = '3574b587e41b46f19c2787ade9ab09ca' ) OR ( this_.audit_type_id = 'b68b2c7742a34acebc5216b29605da56' AND this_.string04 = '3574b587e41b46f19c2787ade9ab09ca' ) OR ( this_.audit_type_id = '78d1dc004f624e1cb2e3b000d55fb739' AND this_.string04 = '3574b587e41b46f19c2787ade9ab09ca' ) OR ( this_.audit_type_id = 'c5ed9cd3208a487187c22e788c5d252f' AND this_.string01 = '3574b587e41b46f19c2787ade9ab09ca' ) OR ( this_.audit_type_id = '78d1dc004f624e1cb2e3b000d55fb739' AND this_.string06 = '3574b587e41b46f19c2787ade9ab09ca' ) OR ( this_.audit_type_id = 'b51cc1fa35e74e9c91042c2b77951695' AND this_.string02 = '3574b587e41b46f19c2787ade9ab09ca' ) OR ( this_.audit_type_id = '43c9e640be604bfcbe3501a094329381' AND this_.string04 = '3574b587e41b46f19c2787ade9ab09ca' ) OR ( this_.audit_type_id = '6850d73f0cdc4b769e738df4321c1c7c' AND this_.string06 = '3574b587e41b46f19c2787ade9ab09ca' ) OR ( this_.audit_type_id = 'c6169fb1308547a6b23bd8f83429e934' AND this_.string01 = '3574b587e41b46f19c2787ade9ab09ca' ) OR ( this_.audit_type_id = 'b68b2c7742a34acebc5216b29605da56' AND this_.string06 = '3574b587e41b46f19c2787ade9ab09ca' ) OR ( this_.audit_type_id = 'c9d6606c5cc34e93aca63c7673bf3db7' AND this_.string06 = '3574b587e41b46f19c2787ade9ab09ca' ) OR ( this_.audit_type_id = '7c90939f260a4c4ba13b521ac456f3cb' AND this_.string01 = '3574b587e41b46f19c2787ade9ab09ca' ) OR ( this_.audit_type_id = '7d1806d5d17f46ecb222901ad6f2bcde' AND this_.string06 = '3574b587e41b46f19c2787ade9ab09ca' ) OR ( this_.audit_type_id = 'cf7260265907443bbdb02314d9ce2ffc' AND this_.string02 = '3574b587e41b46f19c2787ade9ab09ca' ) OR ( this_.audit_type_id = 'c5ed9cd3208a487187c22e788c5d252f' AND this_.string03 = '3574b587e41b46f19c2787ade9ab09ca' ) OR ( this_.audit_type_id = '4432fe9a76b74d818595e60c7d17a3b8' AND this_.string01 = '3574b587e41b46f19c2787ade9ab09ca' ) OR ( this_.audit_type_id = 'cd273399dd9944e09d132b5bb3f9e0e9' AND this_.string02 = '3574b587e41b46f19c2787ade9ab09ca' ) OR ( this_.audit_type_id = 'b3812b8c15b5421db52cfd4af1ee5817' AND this_.string04 = '3574b587e41b46f19c2787ade9ab09ca' ) OR ( this_.audit_type_id = 'f487688c07ee40f7beee911d51ead17c' AND this_.string01 = '3574b587e41b46f19c2787ade9ab09ca' ) OR ( this_.audit_type_id = 'b68b2c7742a34acebc5216b29605da56' AND this_.string02 = '3574b587e41b46f19c2787ade9ab09ca' ) OR ( this_.audit_type_id = 'cf7260265907443bbdb02314d9ce2ffc' AND this_.string04 = '3574b587e41b46f19c2787ade9ab09ca' ) OR ( this_.audit_type_id = 'f33ae045bd284dbc9a7e965dba1dccf5' AND this_.string01 = '3574b587e41b46f19c2787ade9ab09ca' ) OR ( this_.audit_type_id = 'b3812b8c15b5421db52cfd4af1ee5817' AND this_.string06 = '3574b587e41b46f19c2787ade9ab09ca' ) OR ( this_.audit_type_id = '6f5a24dee4c34f8e8b4a77dddf814f0c' AND this_.string02 = '3574b587e41b46f19c2787ade9ab09ca' ) OR ( this_.audit_type_id = 'c9d6606c5cc34e93aca63c7673bf3db7' AND this_.string02 = '3574b587e41b46f19c2787ade9ab09ca' ) OR ( this_.audit_type_id = 'a0ec507ee6f14cf587e3a513c4217c43' AND this_.string02 = '3574b587e41b46f19c2787ade9ab09ca' ) OR ( this_.audit_type_id = 'bbec1c063df04e949fbffbd1fc5f2f39' AND this_.string02 = '3574b587e41b46f19c2787ade9ab09ca' ) OR ( this_.audit_type_id = '7d1806d5d17f46ecb222901ad6f2bcde' AND this_.string04 = '3574b587e41b46f19c2787ade9ab09ca' ) ) ORDER BY this_.last_updated DESC LIMIT 50 "
However, if that where clause is rearranged to ( our improved version ) : " WHERE ( this_.string04 = '3574b587e41b46f19c2787ade9ab09ca' OR this_.string02 = '3574b587e41b46f19c2787ade9ab09ca' OR this_.string01 = '3574b587e41b46f19c2787ade9ab09ca' OR this_.string06 = '3574b587e41b46f19c2787ade9ab09ca' OR this_.string03 = '3574b587e41b46f19c2787ade9ab09ca') AND ( ( this_.audit_type_id = 'b51cc1fa35e74e9c91042c2b77951695' ) OR ( this_.audit_type_id = '43c9e640be604bfcbe3501a094329381' ) OR ( this_.audit_type_id = 'd743e9e2cf484f909707f45e692a7143' ) OR ( this_.audit_type_id = 'c84718a7d6ed486a8ec729119a414e48' ) OR ( this_.audit_type_id = '6850d73f0cdc4b769e738df4321c1c7c' ) OR ( this_.audit_type_id = '7d1806d5d17f46ecb222901ad6f2bcde' ) OR ( this_.audit_type_id = 'c9d6606c5cc34e93aca63c7673bf3db7' ) OR ( this_.audit_type_id = 'b68b2c7742a34acebc5216b29605da56' ) OR ( this_.audit_type_id = '78d1dc004f624e1cb2e3b000d55fb739' ) OR ( this_.audit_type_id = 'c5ed9cd3208a487187c22e788c5d252f' ) OR ( this_.audit_type_id = '78d1dc004f624e1cb2e3b000d55fb739' ) OR ( this_.audit_type_id = 'b51cc1fa35e74e9c91042c2b77951695' ) OR ( this_.audit_type_id = '43c9e640be604bfcbe3501a094329381' ) OR ( this_.audit_type_id = '6850d73f0cdc4b769e738df4321c1c7c' ) OR ( this_.audit_type_id = 'c6169fb1308547a6b23bd8f83429e934' ) OR ( this_.audit_type_id = 'b68b2c7742a34acebc5216b29605da56' ) OR ( this_.audit_type_id = 'c9d6606c5cc34e93aca63c7673bf3db7' ) OR ( this_.audit_type_id = '7c90939f260a4c4ba13b521ac456f3cb' ) OR ( this_.audit_type_id = '7d1806d5d17f46ecb222901ad6f2bcde' ) OR ( this_.audit_type_id = 'cf7260265907443bbdb02314d9ce2ffc' ) OR ( this_.audit_type_id = 'c5ed9cd3208a487187c22e788c5d252f' ) OR ( this_.audit_type_id = '4432fe9a76b74d818595e60c7d17a3b8' ) OR ( this_.audit_type_id = 'cd273399dd9944e09d132b5bb3f9e0e9' ) OR ( this_.audit_type_id = 'b3812b8c15b5421db52cfd4af1ee5817' ) OR ( this_.audit_type_id = 'f487688c07ee40f7beee911d51ead17c' ) OR ( this_.audit_type_id = 'b68b2c7742a34acebc5216b29605da56' ) OR ( this_.audit_type_id = 'cf7260265907443bbdb02314d9ce2ffc' ) OR ( this_.audit_type_id = 'f33ae045bd284dbc9a7e965dba1dccf5' ) OR ( this_.audit_type_id = 'b3812b8c15b5421db52cfd4af1ee5817' ) OR ( this_.audit_type_id = '6f5a24dee4c34f8e8b4a77dddf814f0c' ) OR ( this_.audit_type_id = 'c9d6606c5cc34e93aca63c7673bf3db7' ) OR ( this_.audit_type_id = 'a0ec507ee6f14cf587e3a513c4217c43' ) OR ( this_.audit_type_id = 'bbec1c063df04e949fbffbd1fc5f2f39' ) OR ( this_.audit_type_id = '7d1806d5d17f46ecb222901ad6f2bcde' ) ) " NOTE: The " this_.audit_type_id " part does have some dups in it. So it could be even shorter... NOTE: I understand that the select is not strictly "identical". ( technically) However, the audit_type_id value appears to be a foreign key from grouper_audit_type. I think the general idea of the select is to show all of the audit_type_id (values of interest) for the (in this case) "Group ID" that gets stuffed into the various String* columns. ( Why the groupID ends up in various columns... I don't know.. but I will assume there is a good reason for that .... variety.)
With this where clause the query returned in less than 100 ms !
So I am not sure where that query is constructed, or how to start to track it down... but I think it should be "reordered" so that it can work at scale. – Carey Matthew Black.123@osu.edu
|
Comments |
Comment by Carey Black (osu.edu) [ 05/Feb/21 ] |
This continues to be an issue.
I was able to capture a "long running search" again and found that it took over 4 minutes to complete. ( Clearly not acceptable for any user. Nor the UI/browser timeout limits.) I did a bit more playing with the SQL and I have verified these three things about the SQL that is being issued. 1) The current form is awful for performance. (now in container v2.5.39 using MariaDb ) where this_.audit_type_id in ('e4777eaa26b7409faa7952cdc7aad732','7373ed10d2ac4e28b6cb381fff852b9e','2fe264e912374e45b95f8467df272e8a','bb256be86bc345ec8cda51edd775b8ba','6850d73f0cdc4b769e738df4321c1c7c','e55e2e4502c94d34b3ec92ded0527d03','cd7e6bbd0ca64098826555740fb88312','43c9e640be604bfcbe3501a094329381','8f016b70706b4966b82d981fdd6d6c02','b51cc1fa35e74e9c91042c2b77951695','78d1dc004f624e1cb2e3b000d55fb739','b3812b8c15b5421db52cfd4af1ee5817','cf7260265907443bbdb02314d9ce2ffc','98b9e51894644776bd06a0796754666c') AND ( this_.string02='c142418a606547baa9b2e3250c3f0131' or this_.string01='c142418a606547baa9b2e3250c3f0131' or this_.string04='c142418a606547baa9b2e3250c3f0131' ) order by this_.last_updated desc limit 50 I don't know about the current version of Hibernate in the project, however, it looks like some version do support list of values being searched using the IN operator. |
[GRP-3117] grouper sqs should take in region Created: 04/Feb/21 Updated: 04/Feb/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 2 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Paul Rubenis Yesterday at 5:02 PM Carey Black 8 hours ago |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 04/Feb/21 ] |
env var might work too
https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/java-dg-region-selection.html
|
[GRP-3116] UI function to union/complement an id list with a group, without needing to create a temp group Created: 03/Feb/21 Updated: 03/Feb/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.5.0 |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Chad Redman (unc.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
To answer a policy question of which users from a list are in a group, the ways right now are (a) database query, (b) gsh script, or (c) create a temp group. Creating a temp group is the one way that normal users can use, but requires them to be able to create a group. Also, even for admins is extra steps to create a group to do the action, then delete it 10 seconds later.
|
Comments |
Comment by Chad Redman (unc.edu) [ 03/Feb/21 ] |
(d) export the group list, then compare in Excel. Normal users could do this one even if they can't create a group. |
Comment by Chris Hyzer (upenn.edu) [ 03/Feb/21 ] |
This already exists. There is an advanced membership query option where you setup the composites and who can use them. Let me know if you can’t find the docs for that |
Comment by Chris Hyzer (upenn.edu) [ 03/Feb/21 ] |
Should we put a link here and resolve this or is there something different needed? |
[GRP-3107] Azure provisioner supply groupName or mailNickName JEXL via Attribute value/string Created: 28/Jan/21 Updated: 28/Jan/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | daemon |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Erik Coleman (illinois.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
To create a new transformation of the group and email JEXL naming, I have to create a whole new set of parameters in grouper-loader.properties, and create another attribute to connect them. I then have to bounce the daemon container to make those take effect. I now have several different "profiles" to satisfy customer requirements. I feel like this would be more flexible if I could just specify the JEXL within a folder's assigned attribute, say "etc:attribute:o365:mailNickNameJexl". Then tell the config to use the value supplied in this attribute, rather than the one hard-coded in the grouper-loader.properties. This would allow me to centrally manage fewer attributes/configs, yet allow flexibility to the distributed admins to control the naming conventions needed for their folders to sync. |
[GRP-3104] Misc --> "All daemon jobs" filter option: List all jobs with a failure status between a Start and End date/time value Created: 28/Jan/21 Updated: 28/Jan/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | 2.5.40 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
It can be hard to find "errors logs"/"messages" for jobs that failed in the past. The ability to have those surfaced by 'status' and 'date' would be very helpful. |
[GRP-2398] scheduler check should (un)schedule grouper loader other job changes Created: 01/Nov/19 Updated: 28/Jan/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | grouperLoader |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
I added an other job to database configuration. then i ran the scheduler check. it didnt schedule this job. i started a daemon, then it scheduled it.
Would be nice to move in the direction where restarts (or just starts) arent required when changes to configs happen. Wonder if the scheduler daemon should do this (runs every 30 minutes), but also in the UI when the loader config is changed by the UI or import in UI, it could call the method too so the user doesnt have to wait 30 minutes? |
Comments |
Comment by Shilen Patel (duke.edu) [ 01/Nov/19 ] |
Yup that makes perfect sense to me. Right now, most of the jobs only get scheduled/unscheduled when the daemon is started. Especially now with the config changes, a restart shouldn't be required. So doing what you suggest sounds right to me. |
Comment by Chris Hyzer (upenn.edu) [ 28/Jan/21 ] |
Shilen, does the scheduler check daemon do this or is it a manual process (button on daemon screen)?
|
[GRP-3094] unescape $newline$ when editing configs in ui Created: 19/Jan/21 Updated: 27/Jan/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Vivek Sachdeva (google.com) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
replace \n with $newline$ when putting in textfield. maybe if there are newlines it should be textarea |
[GRP-3095] UI sorting of LDAP subject search results from a "free form" search Created: 21/Jan/21 Updated: 21/Jan/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.5.39 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Tim Darby | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified | ||
Environment: |
Grouper 2.5.39 |
Description |
University of Arizona's subject source is LDAP. When adding a member to a group in the UI, the "search on an entity" feature returns a list of CNs for people that don't appear to be in any particular sort order. looking at the various properties in subject.properties and grouper-ui.properties, I don't see a way to specify a particular LDAP attribute that can be used for sorting this results of this search. We use this for the free form search in subject.properties: |
[GRP-3092] folder privs more actions button blank Created: 18/Jan/21 Updated: 18/Jan/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | image-2021-01-18-18-19-07-594.png |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 18/Jan/21 ] |
|
[GRP-3091] Support unlimited count of favorites Created: 13/Jan/21 Updated: 13/Jan/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.5.39 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
REF: Grouper UI favorites and preferences user data. |
[GRP-3089] Advanced Membership UI: Ability to create a group based on the filtered result set. Created: 12/Jan/21 Updated: 12/Jan/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.5.39 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 1 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
The new filtering is very valuable/helpful. And it would be even more helpful if the results could be "saved as a new group". ( or maybe "exported as a list of identifiers" ?) A rough idea of how the UI might work: Add a feature to: |
Comments |
Comment by Carey Black (osu.edu) [ 12/Jan/21 ] |
Bonus idea: |
[GRP-3086] Grouper Local Auth ( and the GrouperClient ) Created: 08/Jan/21 Updated: 08/Jan/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
It would be useful if: A) User could use the UI and establish a personal WS password/certificate. D) A way to configure an auto expire ( time limit/bound ) the password/certificate. E) Still require the user to be authorized to use WebServices. (AKA: grouper-ws.properties:ws.client.user.group.name ) Similar/Related to |
Comments |
Comment by Carey Black (osu.edu) [ 08/Jan/21 ] |
OH… and another detail…. |
[GRP-3085] Is there a way to send an email to the member who was just added to the group? Created: 07/Jan/21 Updated: 07/Jan/21 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API |
Affects Version/s: | 2.5.39 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Rule question: RE: Email notification on flattened membership add to group |
[GRP-3078] If external system test has multiple errors, UI only shows latest one Created: 31/Dec/20 Updated: 31/Dec/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.5.39 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman (unc.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
I am guessing that GuiScreenAction.newMessage() doesn't stack?
edu/internet2/middleware/grouper/grouperUi/serviceLogic/UiV2ExternalSystem.java:525
|
[GRP-3077] When importing members into a group, OK button on the progress screen does not work Created: 31/Dec/20 Updated: 31/Dec/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | 2.5.40 |
Type: | Improvement | Priority: | Minor |
Reporter: | Vivek Sachdeva (google.com) | Assignee: | Vivek Sachdeva (google.com) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
When importing members into a group, OK button on the progress screen does not work |
[GRP-3076] add provisioning configuration validation Created: 29/Dec/20 Updated: 29/Dec/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | 2.5.40 |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3074] when filling out the provisioning form, focus on the field that caused ajax, for accessibility Created: 24/Dec/20 Updated: 24/Dec/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | 2.5.40 |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 1 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3066] configuration "more" button for long values should be a readonly textarea Created: 21/Dec/20 Updated: 21/Dec/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Currently you can edit it |
[GRP-3063] add shib libraries to library path Created: 18/Dec/20 Updated: 18/Dec/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Shilen Patel Today at 8:21 AM |
[GRP-3059] create a periodic report that finds similar ref / basis groups Created: 17/Dec/20 Updated: 17/Dec/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
for instance see if multiple employee groups exist that are the same or very similar |
[GRP-3054] Show progress on large reference group additions Created: 15/Dec/20 Updated: 15/Dec/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.5.36, 2.5.37, 2.5.39 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Liam Hoekenga (umich.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
When deletions take a long time, the UI will display a message... The delete operation is still being processed... We've noticed when adding large reference groups to composite groups via the UI, the browser will spin for exactly 3 minutes, and then return to the UI having made no obvious changes. If you wait an "appropriate" amount of time and then check the UI, the change will have been made. Please consider adding a message similar to the deletion message. As it is now, the user doesn't know that their change wasn't just eaten and may try it repeatedly. |
[GRP-3045] Grouper report incorrectly reports NON-SUCCESS for in progress jobs Created: 04/Dec/20 Updated: 04/Dec/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | 2.5.37 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 1 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Grouper report will show "NON-SUCCESS" for jobs that are "in progress" at the time of the report run. The report is run daily at 07:00. The most common offender is the 'MAINTENANCE_grouperReport', but other jobs that also start at the same time of the report show up from time to time too. ( including custom jobs and other "built in jobs" like: MAINTENANCE_rules , OTHER_JOB_timeDaemon, etc...) I suggest the two approaches be taken to improve the usefulness/accuracy of the report. 1) "error: null" should be reported as "unknown" instead of "NON-SUCCESS" ( or maybe reported as "in progress" instead of based on any "completion status". And it would also be useful if... 2) The report job could "sleep ( a new config value?) and check those jobs again" to try to give the "in progress jobs" sometime to complete. Yet, they still could be "unknown" after the sleep too. And that might be a good error condition to report. |
[GRP-3044] grouper ws replace should throw error if user cannot READ Created: 03/Dec/20 Updated: 03/Dec/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-2485] diagnostics with automatic quartz cron parsing and better thresholds Created: 13/Dec/19 Updated: 02/Dec/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
CC: |
Shilen Patel (duke.edu)
|
Description |
e.g. if not overriden A job that runs every 0-5 min, needs to have a SUCCESS within X (30 minutes?) A job that runs every 5-30, needs to have a SUCCESS within Y (60 minutes?) Anyways go through some rules iike that and have rules...
|
Comments |
Comment by Chris Hyzer (upenn.edu) [ 02/Dec/20 ] |
Carey Black 15 minutes ago Chris Hyzer 3 minutes ago |
[GRP-3042] Group Membership delta with or restore from Point in Time data..... Created: 02/Dec/20 Updated: 02/Dec/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.5.37 |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
It would be amazing to be able to: A) find and report on deltas (adds and removes) for group memberships with a previous Point in time for the group. ( What happened since....) B) full reset the membership to match a previous Point in time set. ( time machine ) C) Add missing from a previous Point in time set to the current set. ( restore lost souls without removing adds since the Point in time ) D) remove added since a previous Point in time set from the current set. ( remove erroneous adds without undoing removes since the Point in time ) Maybe a delta UI ( table ) could be created ordered by time with columns/buttons to auto select all "adds" or "removes". With two buttons to "undo" (adds) and/or "restore" (removes) based on the selected rows from the table. |
[GRP-3011] The “Search results” panel seems to not keep the 'Filter for' value and produces confusing results for the user. Created: 06/Nov/20 Updated: 01/Dec/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Search for anything in the upper right hand corner. Say the string “foo”. Actually I think the 'Filter for' value is being “reset” to “Everything” after every search. So set it to “Folders” click search. |
Comments |
Comment by Chad Redman (unc.edu) [ 01/Dec/20 ] |
Never mind, I had a typo in my search which explains lack of results
|
[GRP-3035] add a monitor to detect churn in attributes or memberships Created: 23/Nov/20 Updated: 23/Nov/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | membershipChurn.jpg |
Description |
e.g. if a loader is adding members and another is removing |
[GRP-3029] escape single quotes in logout url Created: 23/Nov/20 Updated: 23/Nov/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | 2.5.38 |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3027] document how to add a cert to the trust store in the container Created: 19/Nov/20 Updated: 19/Nov/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Documentation | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Do we need to mount cacerts?
|
Comments |
Comment by Chris Hyzer (upenn.edu) [ 19/Nov/20 ] | |||||
Note, this is for example useful when an LDAP doesnt have a cert that is chained from Java | |||||
Comment by Chris Hyzer (upenn.edu) [ 19/Nov/20 ] | |||||
| |||||
Comment by Chris Hyzer (upenn.edu) [ 19/Nov/20 ] | |||||
Have a folder in container where "pem" files can be added to JVM | |||||
Comment by Chris Hyzer (upenn.edu) [ 19/Nov/20 ] | |||||
have an env var: GROUPER_QUICKSTART_ONLY_TRUST_SSL_ENDPOINTS=a.b.c:636,d.e.f:443 it can get the cert and put in trust store, a little easier, a little less secure? for quick start option, recommended is download file | |||||
Comment by Chris Hyzer (upenn.edu) [ 19/Nov/20 ] | |||||
-e GROUPER_EXTRA_CATALINA_OPTS='-Djavax.net.ssl.trustStore=/etc/pki/ca-trust/extracted/java/cacerts -Djavax.net.ssl.trustStorePassword=password' tho, if you put that in there, I get this if I connect to the daemon container… |
[GRP-3025] Visualization show recent memberships relations Created: 18/Nov/20 Updated: 18/Nov/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.5.0 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman (unc.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Show the relationship between a recent membership group and the group it pulls from. Maybe different arrows for whether it includes current members? |
[GRP-3024] loader ldap groups from attributes needs like string required Created: 17/Nov/20 Updated: 17/Nov/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3023] gsh runoncebyjobname doesnt work for pspng full sync since its not an "otherjob" Created: 16/Nov/20 Updated: 16/Nov/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3017] add container version and maven version in diagnostics page Created: 10/Nov/20 Updated: 10/Nov/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Jeffrey Crawford 3 hours ago
Chris Hyzer 1 minute ago |
[GRP-3014] upgrade tomee to 7.0.9 Created: 08/Nov/20 Updated: 08/Nov/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | 2.5.38 |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-2549] Audit does not capture all direct Membership adds Created: 09/Jan/20 Updated: 05/Nov/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Major |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 1 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Steps to reproduce ( on v2.4 demo server) userFolders:black.123@osu.edu:rules:StartGroup ruleActAsSubjectId = GrouperSystem userFolders:black.123@osu.edu:rules:Second GroupStartGroup "audit log" shows me adding you as a member. ( 2020/01/09 04:13 AM ... Uh... what TZ is that? should be 2020/01/08 23:13 EST. Hum...) I really wanted to mark this as "blocking". ( It is preventing me from using rules to add memberships at this time. ) However, it is a feature that I am not yet dependent on, |
Comments |
Comment by Carey Black (osu.edu) [ 05/Nov/20 ] |
bump? |
[GRP-3010] apache ssl stapling error Created: 05/Nov/20 Updated: 05/Nov/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
self signed cert? grouperScriptHooks.sh
|
[GRP-3009] upgrade apache, 2.4.6 is old Created: 05/Nov/20 Updated: 05/Nov/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-3008] apache timeout to ajp Created: 04/Nov/20 Updated: 05/Nov/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
This is an intermittent error. I click around, and then I get a UI error, and apache turns off for 60 seconds, then its back in business. 2.5.37, AWS, ECS, fargate. Error:
Link https://github.com/PTAnywhere/ptAnywhere-api/issues/19 |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 04/Nov/20 ] | ||||||||||||||||||||||||
this is something we tried at penn, but didnt work, in grouperScriptHooks.sh
| ||||||||||||||||||||||||
Comment by Chris Hyzer (upenn.edu) [ 05/Nov/20 ] | ||||||||||||||||||||||||
| ||||||||||||||||||||||||
Comment by Chris Hyzer (upenn.edu) [ 05/Nov/20 ] | ||||||||||||||||||||||||
Carey Black 10:01 PM https://stackoverflow.com/questions/23709832/ap-proxy-connect-backend-disabling-worker-for-127-0-0-1 | ||||||||||||||||||||||||
Comment by Chris Hyzer (upenn.edu) [ 05/Nov/20 ] | ||||||||||||||||||||||||
| ||||||||||||||||||||||||
Comment by Chris Hyzer (upenn.edu) [ 05/Nov/20 ] | ||||||||||||||||||||||||
Now I get: [proxy:error] [pid 166:tid AH00959: ap_proxy_connect_backend disabling worker for (localhost) for 0s | ||||||||||||||||||||||||
Comment by Chris Hyzer (upenn.edu) [ 05/Nov/20 ] | ||||||||||||||||||||||||
https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypass Adding status=+I
|
[GRP-3007] Fix source code links in Javadoc site Created: 04/Nov/20 Updated: 04/Nov/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | wiki |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Documentation | Priority: | Minor |
Reporter: | Chad Redman (unc.edu) | Assignee: | Chad Redman (unc.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
The Source Code Management links to github in the javadoc site (https://software.internet2.edu/grouper/doc/2.5.x/grouper-parent/index.html) are going to https://github.com/Internet2/grouper which is incorrect. It should be including .../tree/<branch>/...
|
[GRP-3006] import of csv should allow group names specified Created: 01/Nov/20 Updated: 01/Nov/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Comments |
Comment by Carey Black (osu.edu) [ 01/Nov/20 ] |
Source was a slack conversation about membership CSV import in the UI being expanded to support import of memberships into multiple groups from a single CSV. However, another "CSV" file variation would be to support creation of multiple groups from a CSV file too. ( Again useful for initial population/conversion and/or periodic manual re-sync processes done by "non-grouper admin" ) |
[GRP-3005] import from csv should allow mappings of columns Created: 01/Nov/20 Updated: 01/Nov/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-2998] Daemon job page get job links working in new tab Created: 22/Oct/20 Updated: 22/Oct/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.5.36 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman (unc.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 1 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
The daemon jobs page has a list of jobs, but to see the logs for a job you need to click on the link. The links only work when you click them directly. If you right click and open in a new tab, it's just another copy of the daemon jobs page. Also applies to the job options in the pull down menus. |
[GRP-2995] ui-ws does not turn shib on Created: 20/Oct/20 Updated: 20/Oct/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-2960] add dynamic update of grouper_ddl to end of ddl scripts Created: 22/Sep/20 Updated: 20/Oct/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
HSQL:
update grouper_ddl set db_version = 30, last_updated = to_char(CURRENT_TIMESTAMP, 'YYYY/MM/DD HH24:mi:DD'), history = substring((to_char(CURRENT_TIMESTAMP, 'YYYY/MM/DD HH24:mi:DD') || ': upgrade Grouper from V' || db_version || ' to V30, ' || history) from 1 for 3500) where object_name = 'Grouper';
MYSQL:
update grouper_ddl set db_version = 30, last_updated = date_format(current_timestamp(), '%Y/%m/%d %H:%i:%s'), history = substring(concat(date_format(current_timestamp(), '%Y/%m/%d %H:%i:%s'), ': upgrade Grouper from V', db_version, ' to V30, ', history), 1, 3500) where object_name = 'Grouper';
ORACLE:
update grouper_ddl set db_version = 30, last_updated = to_char(systimestamp, 'YYYY/MM/DD HH12:MI:SS'), history = substr((to_char(systimestamp, 'YYYY/MM/DD HH12:MI:SS') || ': upgrade Grouper from V' || db_version || ' to V30, ' || history), 1, 3500) where object_name = 'Grouper';
POSTGRES:
update grouper_ddl set db_version = 30, last_updated = to_char(current_timestamp, 'YYYY/MM/DD HH12:MI:SS'), history = substring((to_char(current_timestamp, 'YYYY/MM/DD HH12:MI:SS') || ': upgrade Grouper from V' || db_version || ' to V30, ' || history) from 1 for 3500) where object_name = 'Grouper'; |
[GRP-2988] make custom ui for logged in user more obvious Created: 14/Oct/20 Updated: 14/Oct/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Yes I'm the logged in user (as Grouper Admin), so the "For logged in user" column makes sense to me. I assumed the "Result" column was for the student I selected to view. I have a variable cu_duo_AllowedToManage. I just assumed it would be false in this case for the student record. (edited)
10:55 Chris Hyzer 10:59 AM Erik Coleman 11:21 AM Chris Hyzer 11:26 AM Erik Coleman 11:28 AM |
[GRP-2987] Visualization for Privileges Created: 14/Oct/20 Updated: 14/Oct/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API, UI |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
It would be helpful to be able to visualize and through the privileges that a Grouper access control policy has over other grouper objects. Displaying: It would be helpful if that "picture" could also be created as a "Report" as well. |
[GRP-2984] Allow a configuration option on a Member to alter the subject that is given "Admin" privileges on objects they create. Created: 13/Oct/20 Updated: 13/Oct/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API, UI, WS |
Affects Version/s: | 2.5.35 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Currently: When a Subject creates an object in Grouper the system currently assigns "Admin" privileges to that subject if they do not already get "Admin" from inherited privileges to the new object.
Proposed: It would be helpful, for many use cases, if a Member ( Grouper local cache of the Subject ) could have a configuration that would request that a different Subject be used instead of themselves.
This would be effective with or without Inherited Privileges and should be used drive towards a "group" instead of a "person" being privileged to all objects.
Example cases: Subject is an "Admin" of a single application in Grouper. A WebService account (acting on behalf of a connected application/service)
All things they create should default to being owned by a group (Subject) that manages that application instead of the direct subject that created the object.
It would also be helpful if this could be a "list" of values for users who manage more than one application in Grouper. (A "default" could be identified for a Member too.) The UI could default to the default value and allow the user to select from the list of configured values before/during the create process. WS could allow the user to supply a value during create or use the configured default value.
It would also be helpful if the default value could be selected based on "location in Grouper" too. (An attribute on a parent stem could help with the selection of the correct value for a Subject. ) |
[GRP-582] sync set tables Created: 18/Mar/11 Updated: 12/Oct/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API |
Affects Version/s: | None |
Fix Version/s: | HEAD |
Type: | New Feature | Priority: | Minor |
Reporter: | Shilen Patel (duke.edu) | Assignee: | Shilen Patel (duke.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Should there be a script or loader job to sync the set tables in case they get out of sync? |
Comments |
Comment by Shilen Patel (duke.edu) [ 16/Oct/19 ] |
This has come up again. Currently thinking that the bad membership finder should sync all set tables. |
Comment by Chris Hyzer (upenn.edu) [ 12/Oct/20 ] |
[GRP-2977] allow status diagnostic types to be specified by url and not param Created: 07/Oct/20 Updated: 07/Oct/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
some load balancers can do question marks |
[GRP-2972] grouper loader tab when no admin group gives stack Created: 05/Oct/20 Updated: 05/Oct/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-2971] daemons should have descriptive comments Created: 03/Oct/20 Updated: 03/Oct/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
the list is confusing. comments should be searchable |
[GRP-2970] Loader exemption to fail-safe Created: 02/Oct/20 Updated: 02/Oct/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | grouperLoader |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Justin Robinson (iu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
When a fail-safe is set, it applies generally to all groups meeting the min criteria. Some loaders have an expectation to completely replace members on a regular cycle. In these cases, the threshold is tripped and changes do not flow through. The threshold check has performed flawlessly, but the resulting membership will not get updated until an administrator lets it through. For these cases it would be ideal to have a mechanism where a loader can be exempted from fail-safe checks. |
[GRP-2967] When exporting config files, do export passwords that are expression language Created: 26/Sep/20 Updated: 26/Sep/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Vivek Sachdeva (google.com) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
When exporting config files, do export passwords that are expression language |
[GRP-2966] Change enable/disable groups to just act on memberships Created: 24/Sep/20 Updated: 24/Sep/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Shilen Patel (duke.edu) | Assignee: | Shilen Patel (duke.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
The idea is that the only impact on a disabled group is that the memberships on the group are disabled. This would still send a change log event for the group being disabled/enabled and consumers can do something with that if they choose. |
[GRP-2965] Attestation should optionally disable Memberships that are not attested after a grace period Created: 24/Sep/20 Updated: 24/Sep/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 2 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Attestation should have a second "time frame" for "how long a membership should stay active after it requires attestation.
Example: Group needs attestation on 2020/09/01. Group is configured with a "attestation membership grace period" of "15" "days". ( would like to have optional units of ( "hours", "Days", "Months", "Years" ). And value ranges that start at a value of "zero" (numeric value). When the group is marked "needs attestation" then the Membership disable date should be set to "now"+ "attestation grace period". And ( special case ) if "attestation grace period" = "zero" then disable the Memberships now. When a group is attested and ( there is a membership grace period value in the attestation and the disable Membership date matches the date set by that math ) then clear the disable date for those memberships. I also noted a comment in the 2020/02/19 Group Call minutes that said this:
" Please make sure that those users that can "attest" the group can continue to "attest a disabled group too". ( So they can "get it to be re-enabled" the memberships that were disabled by the grace period expiration. ) [ Or maybe that should be an additional option in the attestation feature? to Allow/Deny that function on "attestation of a disabled group"? ] |
Comments |
Comment by Carey Black (osu.edu) [ 24/Sep/20 ] |
Note: It might also be useful to have attestation work on an individual Membership level instead of at the group level. ( So each Membership might have its own attestation date for the group. ) |
[GRP-2964] UI Config not sorting all values properly... Created: 23/Sep/20 Updated: 23/Sep/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.5.35 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 1 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | 2020-09-23_leftOutSome_otherJob_keys.png |
Description |
"Other jobs" section does not list all keys starting with "otherJob.". Some are left for the "Remaining config" section. |
[GRP-2962] remove tomee ROOT directory Created: 23/Sep/20 Updated: 23/Sep/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 1 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
/opt/tomee/webapps/ROOT |
[GRP-2957] grouper running as tomcat user has apache error on startup Created: 21/Sep/20 Updated: 21/Sep/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
CC: |
Carey Black (osu.edu)
|
Description |
Carey Black 10:01 AM |
[GRP-2956] Add user audit when enabling/disabling daemon jobs Created: 16/Sep/20 Updated: 17/Sep/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Shilen Patel (duke.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 1 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Also document everything that's audited on the wiki? |
Comments |
Comment by Carey Black (osu.edu) [ 16/Sep/20 ] |
Maybe you could move it to a Grouper Attribute on the group? ( That is already audited by default and would get PIT data in place too.... ) |
[GRP-1825] descriptions of folders/groups/attributes/etc should format somehow Created: 15/Jun/18 Updated: 16/Sep/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 1 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
maybe replace newlines with br's? or if there are newlines then preformatted? not sure |
Comments |
Comment by mchyzer [ 15/Jun/18 ] |
maybe have a better way to document folders |
Comment by Richard Frovarp (ndsu.edu) [ 16/Sep/20 ] |
This would be nice to have. The top of the description can be less technical. The lines below that could be more technical for various audiences reviewing. As mentioned in Slack, some more powerful processing options would be nice. Instead of just saying: Grants access to Bedework, one could turn that into a link to Bedework. |
[GRP-2853] groovy gsh NPE Created: 22/Jun/20 Updated: 15/Sep/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | gsh |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Francesco Malvezzi (unimore.it) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified | ||
Environment: |
Linux grouper22 4.19.0-9-amd64 #1 SMP Debian 4.19.118-2 (2020-04-29) x86_64 GNU/Linux |
Description |
After upgrading to grouper-2.4 from grouper-2.3 groovy gsh is stuck with:
By adding "gsh.useLegacy = true" in grouper.properties it works. 1) how to specify subjectIdToFindOnCheckConfig to avoid the stacktrace on startup? 2) which configuration files would you need to figure out the NPE?
thank you,
Francesco Malvezzi
|
Comments |
Comment by Francesco Malvezzi (unimore.it) [ 29/Jun/20 ] | |||||
the stacktrace at startup was a mistake in the searchbase. The correct way to specify the findSubjectByIdentifierOnCheckConfig param in subject.properties is: subjectApi.source.example.param.findSubjectByIdentifierOnCheckConfig.value = false (if your LDAP source is name example).
Unfortunately, after fixing the startup issues, the groovish gsh still exits with: **
| |||||
Comment by Francesco Malvezzi (unimore.it) [ 15/Sep/20 ] | |||||
Please feel free to close this issue. Just moving forward to grouper-2.5.33 solved my problems. Maybe an unclean environment was to be blamed. |
[GRP-2953] UI for attribute assignments on attributes should "pad" in a column for "Group" to keep the values and columns alligned Created: 09/Sep/20 Updated: 09/Sep/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.5.29 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | 2020-09-09_2.5.29.attr_assignment_on_assignment_with_values.png |
Description |
The "Attribute Assignments" table that is show when assigning attributes to a Membership needs a bit of padding/spacing to make it make sense.
The "Enabled?" column sometimes has the "Assignment values" because there is no "Group" value for some rows. |
[GRP-2952] Improve performance of object types on new stem/group create Created: 09/Sep/20 Updated: 09/Sep/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API |
Affects Version/s: | 2.5.33 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman (unc.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
When creating a new stem or group, the object type logic is a performance hit that is noticeable on slower networks. On object creation, the logic looks through the tree of parent stems to see if there are any object types to copy to the new object. However, it does this by looping through each of the object types, for each of the stems. Each time, it does a lookup on the object type attributeDefs, which is cached, but still called potentially hundreds of times. Even when it's cached, it still goes through privilege checking to make sure the user has access to it. This could be improved by:
|
[GRP-2950] ddl deep check does not add views Created: 04/Sep/20 Updated: 04/Sep/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Jeffrey Crawford 1:39 PM Jeffrey Crawford 2:04 PM Chris Hyzer 2:10 PM Jeffrey Crawford 2:12 PM
|
[GRP-2946] grouper installer installContainer should chmod o+w on logs dir so container can access in certain envs (e.g. windows wsl) Created: 03/Sep/20 Updated: 03/Sep/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-2944] There is a group that is used as a Deny group for 3644 composite groups. I can navigate to the folder with the group. But when I try to "open the group".... the browser "times out" at exactly 60 seconds. Created: 02/Sep/20 Updated: 02/Sep/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
I have stumbled into an odd thing in my prod instance. There is a group that is used as a Deny group for 3644 composite groups. I can navigate to the folder with the group. But when I try to "open the group".... the browser "times out" at exactly 60 seconds. NOTE: I believe there are no members in the group. Any ideas on how to "fix that"? So it tops this query.. |
[GRP-2845] JDBCSourceAdapter2 and getSubjectIdentifierAttributesAll breaks subject cache Created: 11/Jun/20 Updated: 26/Aug/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | subject API |
Affects Version/s: | 2.5.29 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Zachary Hanson-hart | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified | ||
Environment: |
master branch on gitlab, 2.5.29 image, presumably previous versions as well. |
Attachments: | [GRP-2845].patch |
Description |
The JDBCSourceAdapter2 falls back to the JDBCSourceAdapter implementation of getSubjectIdentifierAttributesAll, which uses config parameters that aren't loaded by JDBCSourceAdapter2, resulting in getSubjectIdentifierAttributesAll to always only return the subject ID. This causes problems in the subject cache leading to errors like: In subject source: personSource the identifier: 'xxxx' can find subject: 'yyyy', but the attribute for that identifier is not configured in the subject source. In order for caching to be effective, please list all identifier attributes in the subject source. You can configure to suppress this log message in subject config. For the JDBCSourceAdapter2, there is no way for this to be accomplished with the current code. Implementing getSubjectIdentifierAttributesAll for the jdbc2 adapter is easy, so I'll implement and submit a PR on gitlab. |
Comments |
Comment by Jonathan Johnson (unicon.net) [ 26/Aug/20 ] |
For some reason, my PR attempts are giving me line ending problems. I've attached the patch |
[GRP-2939] PITAttributeDefFinder method symmetry broken compared to AttributeDefFinder Created: 20/Aug/20 Updated: 20/Aug/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API |
Affects Version/s: | 2.5.29 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
PITAttributeDefFinder has 6 methods AttributeDefFinder
I was specifically working on a changeLogConsumer and wanted to use PITAttributeDefFinder.findByNameAsRoot(...) But it does not exist. Maybe there was a shift in how these "Finders" were intended to be used but all the Finders did not get the same attention? |
[GRP-2936] delete large group can cause errors Created: 17/Aug/20 Updated: 17/Aug/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
|
[GRP-2931] add allowedRequestAttributesPattern to ajp connector Created: 10/Aug/20 Updated: 10/Aug/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
allowedRequestAttributesPattern=".*" {{}} |
[GRP-2927] Nesting privilege sets of groups ( instead of members of a group ) Created: 08/Aug/20 Updated: 08/Aug/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API |
Affects Version/s: | 2.5.29 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
A new feature that would open up many more possibilities with Grouper: Sometimes it is useful to be able to add "Admins of Group X" to another group. However, the only current way to achieve that is to only have "one group that is admin" on "Group X" and then to add that group. However, if a Group's membership in another group could be of a flavor like: Then as the "updaters" are added to via normal Grouper Privilege management on the group the right access controls would continue to flow for the "updaters". |
[GRP-2925] recent memberships should not use a view which is built on top of another view Created: 07/Aug/20 Updated: 07/Aug/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
mysql doesnt like that |
[GRP-2924] add tomee option in container for address to listen on Created: 07/Aug/20 Updated: 07/Aug/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
in server.xml address="" |
[GRP-2923] deleting folder in ui can crash container Created: 05/Aug/20 Updated: 05/Aug/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Zachary Hanson-Hart
|
[GRP-2835] automate CSV group load Created: 02/Jun/20 Updated: 04/Aug/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Tommy Doan | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Can group load from CSV be automated? That could be helpful for us, and save having to setup an ETL job through a different team to load the data into a database first. |
Comments |
Comment by Chad Redman (unc.edu) [ 04/Aug/20 ] |
Take a look at the Wiki page at https://spaces.at.internet2.edu/display/Grouper/Grouper+loader+with+CSV+data+sources. The csvjdbc driver in particular is easy to set up and works well with simple queries. This does work as a grouper-loader connection, so that loader jobs can be used against specific csv files within a single folder defined in the connection. All you need to do is add the csvjdbc jar to the libraries and set up the connection. You can try it with gsh first, to confirm whether it will work with the queries you want. |
[GRP-2919] Support assigning Azure Administrative Unit in group creation Created: 04/Aug/20 Updated: 04/Aug/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | provisioning |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Erik Coleman (illinois.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Currently in public preview, Azure AD supports the concept of groups being assigned to administrative units, a means to assign administrative control. We would like to be able to delegate Grouper's control of groups using this method, rather than have full Group read/write role in the entire tenant (a security recommendation). We basically need another changelog consumer parameter to specify an administrative unit (perhaps by ID), which then could be used after creating the group to assign the administrative ID to a group. In Microsoft Graph, the operation would be like this: {{Http request POST /administrativeUnits/{Admin Unit id}/members/$ref }} {{Request body { "@odata.id":"https://graph.microsoft.com/beta/groups/ {id}" }}}
|
[GRP-2917] add zoom user deprovisioning Created: 03/Aug/20 Updated: 03/Aug/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-2916] add zoom loader for user types Created: 03/Aug/20 Updated: 03/Aug/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-2915] add zoom loader for roles Created: 03/Aug/20 Updated: 03/Aug/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-2914] add zoom loader for groups Created: 03/Aug/20 Updated: 03/Aug/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-2913] jdbc source adapters cant have more than one subject identifier to cache Created: 03/Aug/20 Updated: 03/Aug/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-2904] addSubjectAttributes not seen in attribute messages Created: 28/Jul/20 Updated: 28/Jul/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | daemon |
Affects Version/s: | 2.5.32 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Michael Gettes (ufl.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified | ||
Environment: |
containers |
Description |
i have a desire to show the subjectId of an attribute assignment in messages sent. I have set “changeLog.consumer.rabbit.publisher.addSubjectAttributes = netId” but I do not see the netId from my subject source in these messages. I have confirmed I see netId in membership messages. |
[GRP-2902] add helper views for custom ui for membership analysis Created: 26/Jul/20 Updated: 26/Jul/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Audit memberships
mship help
mship
imm disabled date
|
[GRP-2901] grouper loader in threads does not run as GrouperSysAdmin Created: 23/Jul/20 Updated: 23/Jul/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | 2.5.29 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Beth Halsema Today at 10:17 AM
3 replies Chris Hyzer 5 minutes ago Beth Halsema 2 minutes ago
you dont have to add GrouperSysAdmin to any of those groups, this is a bug. We can fix this in the next release. As a workaround set grouper-loader.properties loader.use.groupThreads = false Beth Halsema 2 minutes ago |
[GRP-2900] ChangeLogEvent should be able to get to AuditEntry that created it. Created: 22/Jul/20 Updated: 22/Jul/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API |
Affects Version/s: | 2.5.29 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
The edu.internet2.middleware.grouper.changeLog.ChangeLogEntry has the "contextId" value for the action that created the ChangeLogEntry. However, there appears to be no "obvious" way to get the corresponding edu.internet2.middleware.grouper.audit.AuditEntry. Maybe the ChangeLogEntry could have a new method ".getAuditEntry()" that would return the indicated AuditEntry object? It also might be helpful if there were also a generic way to "find AuditEntry object(s)" by only the "contextId" value too. Maybe the edu.internet2.middleware.grouper.audit.UserAuditQuery should support something like ".addAuditTypeFieldValue("contextid", "xxxxxxx")" or maybe a list of "contextId" values to build a report specific to a set of contexts? |
[GRP-2731] ddl history says 62 instead of 32 Created: 01/May/20 Updated: 22/Jul/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | 2.5.34 |
Type: | Bug | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
2020/04/30 13:55:49: upgrade Grouper from V31 to V62, |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 04/May/20 ] |
not able to reproduce this... maybe it is already fixed? need to know what version this was going from and to |
Comment by Chris Hyzer (upenn.edu) [ 20/May/20 ] |
upgrade from 2.4 to reproduce |
[GRP-1807] grouper folder names limited to 255 but should be longer Created: 14/May/18 Updated: 22/Jul/20 |
|
Status: | Reopened |
Project: | Grouper |
Component/s: | API |
Affects Version/s: | None |
Fix Version/s: | 2.5.34 |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
From: Rory Larson rlarson1@unl.edu
This is only a demo for now, and certainly I can abbreviate if necessary. But having to do so seems to defeat the purpose of having a full name. The project is to build an institutional hierarchy from the top university level down to the bottom-level department or reference group eight or ten levels deep, and some offices/departments/programs tend to have rather lengthy names, since there is no common English word by which to call them. But I would imagine that political sensitivities might be ruffled if I start chopping the names of people’s favorite departments down to something reasonable.
It’s not a huge issue at the moment, but I did want to get a feel for where things stood on this. Is that a varchar-256 limitation that can’t be made bigger because it would double the size of the database?
Thanks, Rory
From: Hyzer, Chris <mchyzer@isc.upenn.edu>
I Created a 2.2 extension longer than 50… but yes looks like there is a full name constraint of 256... can you abbreviate somehow?
test:x123456789012345678901234567890123456789012345678901234567890:y123456789012345678901234567890123456789012345678901234567890:z123456789012345678901234567890123456789012345678901234567890:a123456789012345678901234567890123456789012345678901234567890
From: grouper-users-request@internet2.edu [grouper-users-request@internet2.edu] On Behalf Of Rory Larson
Hello,
Using the UI for Grouper 2.2, I'm trying to mock up a fairly deep tree of administrative hierarchy, and it looks like I'm running into limits on name length. For an immediate folder name, it seems that the entry box cuts you off at 50 characters. For the fully scoped name, I seem to be hitting a limit of about 250 or 256 characters, beyond which it simply fails to create the folder and gives an error message.
I was wondering if anyone would care to comment on this. Is this an intentional constraint to meet a resource trade-off? Is it a limit that can be modified locally, or is it baked into Grouper? Will these limits continue into future versions of Grouper?
Thanks, Rory
|
Comments |
Comment by mchyzer [ 14/May/18 ] | ||||||||||||
In order to make this work you need to change the three cols in the grouper_stems table to be 1024 (name, display_name, alternate_name), and if mysql you need to drop and recreate the indexes to be partial indexes since max index size in mysql. Here is example mysql DDL, though, it might be different in your database. I generated this with sqlyog.
| ||||||||||||
Comment by mchyzer [ 14/May/18 ] | ||||||||||||
you need to set this in the grouper.properties
| ||||||||||||
Comment by mchyzer [ 14/May/18 ] | ||||||||||||
fixed in patch: grouper_v2_3_0_api_patch_105 |
[GRP-2329] UI loader job does not select all valid PSPNG ldap configurations Created: 18/Sep/19 Updated: 22/Jul/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | None |
Fix Version/s: | 2.5.34 |
Type: | Improvement | Priority: | Minor |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 1 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
REF: " If you use .ldapUrl, for instance, you can't create an LDAP loader job from the UI. It's looking for ".url" not ".ldapUrl" so the paragraph won't be visible. Note the pattern on 286 in GrouperLoaderContainer.java. " |
Comments |
Comment by Carey Black (osu.edu) [ 22/May/20 ] |
I suggest a single consistent set of properties be chosen by the project and that the consistencies include all "target systems". |
[GRP-2896] driver is not required in database config, or needs more documentation Created: 21/Jul/20 Updated: 21/Jul/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-2889] grouper installer does not install the container Created: 20/Jul/20 Updated: 20/Jul/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
~ $ docker logs gsh /usr/local/bin/entrypoint.sh: line 14: [: too many arguments /usr/local/bin/entrypoint.sh: line 22: exec: gsh -registry -check -runscript -noprompt: not found executing gsh -registry -check -runscript -noprompt |
[GRP-2779] review unit tests, can we integrate in test-compose? Created: 10/May/20 Updated: 20/Jul/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | 2.5.31 |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hubing (internet2.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
https://spaces.at.internet2.edu/display/Grouper/Grouper+v2.5+container+unit+tests |
[GRP-2885] Configuration UI sorting, grouping and filtering Created: 16/Jul/20 Updated: 16/Jul/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Erik Coleman (illinois.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
It would be more helpful if there was a way to do any of the following in the configuration UI: (A) Filter only on certain filled-in attributes, such as only those in database, or in .properties file and/or the ability to suppress anything with <NotSet>. (B) Sort parameters alphabetically. There seems to be randomness in how they are sorted. (C) Group together all parameters by subclass. ie., changelog.consumer.<consumerID> or subjectAPI.source.<sourceid> params are sometimes together, but some others are way at the bottom of the list, in no particular order. Would be nice to be able to see (or even visually collapse) the list of params specified for a particular subject source. |
[GRP-2883] Subject API backed by local RDMBS cached data Created: 15/Jul/20 Updated: 15/Jul/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | subject API |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 1 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Jeffrey F Williams: (paraphrase) Carey Black: I would loose the "instant discovery" of hitting the LDAP source directly, but I would gain the ability to stash more attributes too. And in Jeffrey's case, he could create a view that would auto include the Manager details with the "employee" data too. ( Views are really good at join conditions. Ldap filter, not so much. ) @mchyzer If you want to make an enhancement.... Ready to bump the Subject api from v1 ? |
[GRP-2881] simple new LDAP provisioner Created: 10/Jul/20 Updated: 10/Jul/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Shilen Patel (duke.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-2871] Grouper provisioner configuration UI tasks Created: 03/Jul/20 Updated: 03/Jul/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Vivek Sachdeva (google.com) | Assignee: | Vivek Sachdeva (google.com) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Implement https://spaces.at.internet2.edu/display/Grouper/Grouper+generic+provisioner+UI+tasks |
[GRP-2868] add obliterate to stem delete WS Created: 01/Jul/20 Updated: 01/Jul/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Jonathan Stout Today at 2:20 PM
2 replies Erik Coleman 4 minutes ago Jonathan Stout 3 minutes ago |
Comments |
Comment by Carey Black (osu.edu) [ 01/Jul/20 ] |
Shudder... The idea of a program going wild and obliterating the wrong thing... Ugh. ( Can that WS be the first one that can be disabled too? ) |
[GRP-2867] Show membership create date and who created the membership on the "Edit membership and privileges" sub page Created: 01/Jul/20 Updated: 01/Jul/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.5.29 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
It is really hard to find who created a membership and when the membership was created in the UI. One place it could be surfaced would be the "Edit membership and privileges" sub page. That page already gets data about the subject ( Unique ID, Email, Name, Description ) and shows any 'Start date' or 'End date' for the membership. I would like to see the create date and who created the membership as well. Or it could be added to the group member List in "advanced" mode? |
[GRP-2866] show group loader info with different access level Created: 30/Jun/20 Updated: 30/Jun/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
(matt) While you are doing docs.... can you answer this question?When I ( wheel ) look at a group populated by a loader job I see:"This group is managed by loader group... It was last fully loaded on Tue Jun 30 15:53:31 EDT 2020. Summary is: total: 95 inserted: 0 deleted: 0 updated: 0"But "normal users" don't see that info?!! Can that be extended to normal users too? It appears that you need to be "admin" on the group to see the line of info. |
[GRP-2865] subjectId (not identifier) required in hasMember Created: 30/Jun/20 Updated: 30/Jun/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
{ }
content type: application/json; charset=UTF-8
{"WsRestResultProblem":{"resultMetadata": {"success":"F","resultCode":"EXCEPTION","resultMessage":"Problem with request: uri: /grouper-ws/servicesRest/v2_4_000/groups/penn:isc:ait:apps:dreamFactory:service:policy:dreamFactoryActive/members, method: POST, decoded url strings: 0: 'v2_4_000', 1: 'groups', 2: 'penn:isc:ait:apps:dreamFactory:service:policy:dreamFactoryActive', 3: 'members',\nedu.internet2.middleware.grouper.ws.exceptions.WsInvalidQueryException: The field 'subjectId' is required\n\tat edu.internet2.middleware.grouper.ws.util.GrouperServiceUtils.pickOne(GrouperServiceUtils.java:305)\n\tat edu.internet2.middleware.grouper.ws.rest.GrouperServiceRest.hasMemberLite(GrouperServiceRest.java:600)\n\tat edu.internet2.middleware.grouper.ws.rest.method.GrouperWsRestGetGroup$1.service(GrouperWsRestGetGroup.java:95)\n\tat edu.internet2.middleware.grouper.ws.rest.method.GrouperWsRestGet$1.service(GrouperWsRestGet.java:125)\n\tat edu.internet2.middleware.grouper.ws.rest.method.GrouperRestHttpMethod$1.service(GrouperRestHttpMethod.java:57)\n\tat edu.internet2.middleware.grouper.ws.rest.GrouperRestServlet.service(GrouperRestServlet.java:202)\n\tat javax.servlet.http.HttpServlet.service(HttpServlet.java:741)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat edu.internet2.middleware.grouper.ws.GrouperServiceJ2ee.doFilter(GrouperServiceJ2ee.java:969)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat edu.upenn.isc.proxyWrapper.ProxyWrapperFilter.doFilter(ProxyWrapperFilter.java:50)\n\tat org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)\n\tat org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)\n\tat org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)\n\tat org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)\n\tat org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)\n\tat org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)\n\tat org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)\n\tat org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)\n\tat org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)\n\tat org.apache.coyote.ajp.AjpProcessor.service(AjpProcessor.java:476)\n\tat org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)\n\tat org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:808)\n\tat org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498)\n\tat org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)\n\tat java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)\n\tat java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)\n\tat org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)\n\tat java.lang.Thread.run(Thread.java:748)"},"responseMetadata":{"serverVersion":"2.4.0","millis":"5"}}} |
[GRP-2860] group filter should allow ad hoc group that the use can READ Created: 25/Jun/20 Updated: 25/Jun/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-2859] group filter should have option to not return group objects Created: 25/Jun/20 Updated: 25/Jun/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 2 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | image-2020-06-25-14-11-42-382.png |
Description |
the "group filter" in the group membership list to not return group subjects, only non group subjects? i.e. if someone is deprovisioning, and looks for people not active, and it returns policy groups, then they could accidentally remove the group, know what i mean? maybe its a training issue and just a point of confusion... but just thinking out loud about a request from a user at penn. i.e. the three groups in the list below wouldnt show up can this be an option in config?
|
Comments |
Comment by Chris Hyzer (upenn.edu) [ 25/Jun/20 ] |
|
Comment by Chris Hyzer (upenn.edu) [ 25/Jun/20 ] |
i would think option would default to true |
[GRP-2858] add rule if enum for if group has membership (immediate or effective) Created: 25/Jun/20 Updated: 25/Jun/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
thisGroupHasEnabledMembership also, what is difference between "thisGroup" or "group" |
[GRP-2857] Users with "Create" privileges in a folder can see "Reports" on the "More Actions" button.. .only leads to an error message. "Error: not allowed to administer folder:" Created: 25/Jun/20 Updated: 25/Jun/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.5.29 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
When a user with only "Create" privileges on a folder try to use the "Reports" function on the "More Actions" ( menu/button ) the user is given an error of: If the user can not use the option, then it should be suppressed from the UI for the user. |
[GRP-2854] too many queries when creating group Created: 23/Jun/20 Updated: 23/Jun/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | first-jstack.rtf second-jstack.rtf |
Description |
Hi Chris, I hope you're doing well. We are planning to put Grouper in prod this week, but suddenly started noticing major performance issues in our test env primarily when creating new groups (either individually or as part of a template). For example it takes about 20 sec to create a new empty group (no members) and several minutes to create a new app template structure. Our DBA enabled profiling and says the query (below) is run 3000 times when a new group is created in the UI. I did recently change the subject db connection settings from to the loader.properties file settings you mentioned in the forums and a lot of new groups were created to handle grouper->google provisioning, but those provisioner Google settings are not currently in this env. I have also noticed the following null attribute entries in the INFO logs: Hib3AttributeDefNameDAO.findByIdSecure(160) - - AttributeDefName not found: null. I tried enabling debug but it was so chatty and I'm really not seeing any errors on the Grouper side at all. Do you have any ideas what might be causing this or tips to point me in the right direction? Thanks for your help! ---- Query running 3,000 times — – |
[GRP-2850] grouper ddl when "etc" folder is moved need to be adjusted Created: 16/Jun/20 Updated: 16/Jun/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-2320] ability to limit daemon jobs by host/process Created: 11/Sep/19 Updated: 15/Jun/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | daemon |
Affects Version/s: | 2.3.0 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 2 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Because some jobs ( CLC, OtherJob, PSPNG, etc...) need more RAM/CPU it would be helpful to be able to partition jobs into "sets" and have some daemon instance only process jobs from some of those sets. Being able to control this can be a cost savings to deployments. ( Especially if they are a cloud based deployment where RAM and CPU equates directly to money. Spent.)
Example. If there are one (or more) large loader job that takes 3 GB of ram to cache/load data into memory then those jobs require the "high water mark" of Ram and could be identified as a set. (let's call that set "large") However, it is also possible that there are lots of other tasks/jobs that only require "1 GB" of ram. (let's call that set "normal") The "normal" jobs could be run on on more daemon's with smaller hardware size/scale OR on the "large" daemon loaders too. However, if the "Large" job is run on a "small" daemon then it would fail with not enough RAM, or end up swapping to disk and performing very badly at best. |
[GRP-2847] Grouper provisioner configuration in UI Created: 15/Jun/20 Updated: 15/Jun/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Vivek Sachdeva (google.com) | Assignee: | Vivek Sachdeva (google.com) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Implement https://spaces.at.internet2.edu/pages/viewpage.action?pageId=168693840 and https://spaces.at.internet2.edu/display/Grouper/Grouper+LDAP+provisioner+in+v2.5 |
[GRP-2725] update pit memberships view to show valid rows Created: 28/Apr/20 Updated: 11/Jun/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
e.g.
|
[GRP-2842] Move check config items to upgrade tasks so check config isn’t run on every startup Created: 10/Jun/20 Updated: 10/Jun/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Shilen Patel (duke.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-2834] support "dark mode" in chrome Created: 31/May/20 Updated: 31/May/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Michael Gettes 10:11 AM
Carey Black 10:19 AM Michael Gettes 10:22 AM |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 31/May/20 ] | ||||||
I think something like this needs to happen though it didnt work
|
[GRP-2622] more tab with loader option should only show for grouper admins Created: 25/Mar/20 Updated: 29/May/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
When I attempt to view the loader of a group, I get Error: Problem calling method loader on edu.internet2.middleware.grouper.grouperUi.serviceLogic.UiV2GrouperLoader |
Comments |
Comment by Olivier Salaün [ 29/May/20 ] | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
We have the same issue with Grouper 2.4.0 (grouper_v2_4_0_api_patch_89.state grouper_v2_4_0_ui_patch_55.state).
User has a Synchronization submenu in "more info" tab, but when he follows the link to operation=UiV2GrouperLoader.loader he gets an error "Erreur: Problem calling method loader on edu.internet2.middleware.grouper.grouperUi.serviceLogic.UiV2GrouperLoader". Extract from the grouper logs:
|
[GRP-2832] workflow , approval ... membership audit row does not show who approved the membership. ( It is blank. ) Created: 28/May/20 Updated: 28/May/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API, workflow |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Critical |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Audit log information for a membership created as the result of an approval flow does not document who created the membership. Audit issues like this are "blockers" for my use of any feature. |
[GRP-2831] Instrumentation throws an error Created: 27/May/20 Updated: 27/May/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | daemon |
Affects Version/s: | 2.5.29 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Michael Gettes (ufl.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
2020-05-27T12:26:23+00:00 WS:test java.lang.RuntimeException: Multiple assignments exist: AttributeDefName[name=etc:attribute:instrumentationData:instrumentationDataInstanceLastUpdate,uuid=1060747341184983b8e41163da900eec], assign, AttributeAssign[id=739ebf3c09a54eb2a2e5183207cc2895,action=assign,attributeDefName=etc:attribute:instrumentationData:instrumentationDataInstances:e1bb4d6518bb4ad7822b642e78db0a79, |
[GRP-2828] auto stop or restart daemon when not doing work after X days Created: 26/May/20 Updated: 26/May/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API, daemon |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 1 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
The “finding a window to restart” is the fundamental issue - we shouldn’t have to find a window - but have a capability where grouper daemons would restart when not in the middle of doing work. it could be they just "restart" or “end” and it is the responsibility of the container orchestration to start another. Could be possible to stop or restart to be triggered based on "signal" from user somehow
Note, this could be for UI/WS/Scim also |
[GRP-2826] make gsh addGroup idempotent (and other operations?) using GroupSave Created: 24/May/20 Updated: 24/May/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-2822] in installer for installing container ignore sources.xml line Created: 23/May/20 Updated: 23/May/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Note: you need to change the search sql in the jdbc source in the grouperApi/conf/sources.xml... the change is in the comments in that file |
[GRP-2821] grouper database migration should drop foreign keys and indexes first Created: 22/May/20 Updated: 22/May/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Granted it does not delete data though... assumes empty tables
Alex Poulos 1 hour agoAlex Poulos 1 hour agolooks like it got blocked by mail filter: can you send it to me on slack (or box/dropbox, etc.)?
Alex Poulos 3 minutes agok, got a full stack here for you. |
[GRP-2819] allow consistent formats of image and css overrides Created: 22/May/20 Updated: 22/May/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
I just re-checked... I have the property css.additional=grouperExternal/public/assets/css/umt_grouper_overrides.css so that's good... the html source that comes up has this ref: Chris Hyzer 5:01 PM Josh O'Dowd 5:08 PM Josh O'Dowd 5:20 PM 5:23 Josh O'Dowd 5:35 PM |
[GRP-2818] messaging to ws bridge not work for multiple configs Created: 21/May/20 Updated: 21/May/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Vivek Sachdeva (google.com) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
this looks like it would only process the last one
|
[GRP-2816] address tomee errors on startup Created: 21/May/20 Updated: 21/May/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
There are some ERROR level logs during TomEE startup, all related to TagLib, like this: |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 21/May/20 ] |
Andy Morgan 9 hours ago
Andy Morgan 8 hours ago Andy Morgan 8 hours ago Andy Morgan 8 hours ago Chris Hyzer < 1 minute ago |
[GRP-2815] add ability to set log level in container, adjust defaults Created: 21/May/20 Updated: 21/May/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | container |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Andy Morgan 14 minutes ago Andy Morgan 14 minutes ago Andy Morgan 13 minutes ago Chris Hyzer < 1 minute ago |
[GRP-2814] config custom tag should have nowrap on the required indicator Created: 20/May/20 Updated: 20/May/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Vivek Sachdeva (google.com) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | image-2020-05-20-18-43-28-241.png |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 20/May/20 ] |
|
[GRP-2812] tomcat can wait until other services are up before starting Created: 20/May/20 Updated: 20/May/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Chris Hyzer(opens in new tab) May 14th at 4:57 PM Chris Hubing(opens in new tab) 10 hours ago Chris Hubing(opens in new tab) 10 hours ago Chris Hyzer(opens in new tab) < 1 minute ago |
[GRP-2810] allow overlays of script hooks Created: 20/May/20 Updated: 20/May/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
first step is copy script hooks file in workflow
|
[GRP-2808] add container option to change users when running tomcat as user e.g. in demo server Created: 19/May/20 Updated: 19/May/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-2801] provide ability to turn off full-sync of groups during pspng incremental Created: 15/May/20 Updated: 15/May/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | provisioning |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chad Redman (unc.edu) |
Resolution: | Unresolved | Votes: | 1 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
provide a switch to turn off fullsync within the PSPNG incremental consumer. i have several groups of roughly the same size (460k sourced from elsewhere) and when pspng thinks something is wrong (which is almost always) a fullsync takes about 45m so the incremental comes to a screeching halt. I run full-syncs every night - they take about 50m. The idea is to let every other aspect of pspng continue but when a fullsync is sparked within the incremental (i am hoping we can discern this) (gettes) |
[GRP-2791] starting from gsh does not initialize database connections correctly Created: 13/May/20 Updated: 15/May/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
WARNING: named-config with name 'dbConn1' does not exist. Using default-config. |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 15/May/20 ] |
Shilen Patel(opens in new tab) 1 day agoShilen Patel(opens in new tab) 1 day agoThis is a bit strange on an instance that's using Oracle as its db and working otherwise. (I'll look more later but just fyi)
Shilen Patel(opens in new tab) 1 day ago2020-05-13 16:03:50,704: [DefaultQuartzScheduler_Worker-9] ERROR ConfigPropertiesCascadeBase.logError(1022) - - Error checking for changes in configs (will use previous version): grouper.propertiesjava.lang.RuntimeException: Problem reading config: 'database:grouper' at edu.internet2.middleware.grouperClient.config.ConfigPropertiesCascadeBase$ConfigFile.retrieveContents(ConfigPropertiesCascadeBase.java:755) at edu.internet2.middleware.grouperClient.config.ConfigPropertiesCascadeBase.filesNeedReloadingBasedOnContents(ConfigPropertiesCascadeBase.java:1147) at edu.internet2.middleware.grouperClient.config.ConfigPropertiesCascadeBase.retrieveFromConfigFileOrCache(ConfigPropertiesCascadeBase.java:1089) at edu.internet2.middleware.grouperClient.config.ConfigPropertiesCascadeBase.retrieveConfig(ConfigPropertiesCascadeBase.java:105) at edu.internet2.middleware.grouper.cfg.GrouperConfig.retrieveConfig(GrouperConfig.java:357) at edu.internet2.middleware.grouper.internal.dao.hib3.Hib3MemberDAO.membersFlashCacheableBySubjectId(Hib3MemberDAO.java:1223) at edu.internet2.middleware.grouper.internal.dao.hib3.Hib3MemberDAO.membersFlashCacheRetrieveBySubjectId(Hib3MemberDAO.java:1349) at edu.internet2.middleware.grouper.internal.dao.hib3.Hib3MemberDAO.findBySubject(Hib3MemberDAO.java:300) at edu.internet2.middleware.grouper.MemberFinder.internal_findOrCreateBySubject(MemberFinder.java:710) at edu.internet2.middleware.grouper.MemberFinder.internal_findBySubject(MemberFinder.java:626) at edu.internet2.middleware.grouper.MemberFinder.internal_findBySubject(MemberFinder.java:611) at edu.internet2.middleware.grouper.GrouperSession.start(GrouperSession.java:486) at edu.internet2.middleware.grouper.GrouperSession.startRootSession(GrouperSession.java:426) at edu.internet2.middleware.grouper.GrouperSession.startRootSession(GrouperSession.java:444) at edu.internet2.middleware.grouper.app.loader.GrouperLoaderJob.execute(GrouperLoaderJob.java:89) at org.quartz.core.JobRunShell.run(JobRunShell.java:202) at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573)Caused by: java.lang.RuntimeException: error at edu.internet2.middleware.grouperClient.config.db.ConfigDatabaseLogic.retrieveConfigMap(ConfigDatabaseLogic.java:341) at edu.internet2.middleware.grouperClient.config.db.ConfigDatabaseLogic.retrieveConfigInputStream(ConfigDatabaseLogic.java:157) at edu.internet2.middleware.grouperClient.config.ConfigPropertiesCascadeBase$ConfigFileType$1.inputStream(ConfigPropertiesCascadeBase.java:588) at edu.internet2.middleware.grouperClient.config.ConfigPropertiesCascadeBase$ConfigFile.retrieveContents(ConfigPropertiesCascadeBase.java:748) ... 16 moreCaused by: java.lang.RuntimeException: No suitable driver found for jdbc:oracle:thin:@host:port:IMSPRD at edu.internet2.middleware.grouperClient.config.db.ConfigDatabaseLogic.retrieveConfigLastUpdatedFromDatabaseHelper(ConfigDatabaseLogic.java:1253) at edu.internet2.middleware.grouperClient.config.db.ConfigDatabaseLogic.retrieveConfigLastUpdatedFromDatabase(ConfigDatabaseLogic.java:1201) at edu.internet2.middleware.grouperClient.config.db.ConfigDatabaseLogic.retrieveOrCreateLastUpdatedRecord(ConfigDatabaseLogic.java:369) at edu.internet2.middleware.grouperClient.config.db.ConfigDatabaseLogic.retrieveConfigMap(ConfigDatabaseLogic.java:288) ... 19 moreCaused by: java.sql.SQLException: No suitable driver found for jdbc:oracle:thin:@host:port:IMSPRD at java.sql.DriverManager.getConnection(DriverManager.java:689) at java.sql.DriverManager.getConnection(DriverManager.java:247) at edu.internet2.middleware.grouperClient.config.db.ConfigDatabaseLogic.connection(ConfigDatabaseLogic.java:638) at edu.internet2.middleware.grouperClient.config.db.ConfigDatabaseLogic.retrieveConfigLastUpdatedFromDatabaseHelper(ConfigDatabaseLogic.java:1227)
Chris Hyzer(opens in new tab) 1 day agosee your connect string is messed up... why?
Shilen Patel(opens in new tab) 1 day agoi removed the host/port. other than that, i think the connect string is good?
Chris Hyzer(opens in new tab) 1 day agothis might be the same problem as the GSH database one: https://todos.internet2.edu/browse/GRP-2791 IF you can reproduce this that would be good. I think it has to do with the client and the API getting database configs a little differently and we need to harden that so it gets connections from the API each time and the client doesnt ever try to do its thing when running with the API...
Shilen Patel(opens in new tab) 17 hours agook (and i haven't seen that error again even after restarts) |
[GRP-2796] provide an option such that when i select a folder/group from the graph ui that it opens it in a new window? Created: 14/May/20 Updated: 14/May/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.5.28 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Michael Gettes (ufl.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Please, provide an option such that when i select a folder/group from the graph ui that it opens the folder/group in a new window? |
[GRP-2794] grouper_loader_log start/stop/other operations Created: 13/May/20 Updated: 13/May/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API |
Affects Version/s: | 2.5.27 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Michael Gettes (ufl.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 1 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
From Slack: a capability to allow creating/updating entries in the grouper loader log Michael Gettes Today at 17:13 |
[GRP-2792] add ability to decrypt file in container e.g. for ssl keys Created: 13/May/20 Updated: 13/May/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-2605] Selecting a group from the graph UI fails to display the group Created: 27/Feb/20 Updated: 12/May/20 |
|
Status: | Resolved |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.4.0 |
Fix Version/s: | 2.5.28 |
Type: | Bug | Priority: | Major |
Reporter: | Michael Gettes (ufl.edu) | Assignee: | Chad Redman (unc.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified | ||
Environment: |
latest image: a93u56w11p12 |
Issue Links: |
|
Description |
viewing the graphUI (visualization) and i select a group from the UI and I get a blank-ish page (header only) and the following in the log: 2020-02-27T18:18:08+00:00 UI:dev httpd;access_log;grouper_dev;ui;10.247.10.209 - gettes@ufl.edu [27/Feb/2020:13:18:08 -0500] "POST /grouper/grouperExternal/public/OwaspJavaScriptServlet HTTP/1.1" 200 55 "https://groups-dev.it.ufl.edu/grouper/grouperExternal/public/UiV2Public.index?operation=UiV2Public.postIndex&function=UiV2Public.error&code=ajaxError" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.100 Safari/537.36 OPR/67.0.3575.31" |
Comments |
Comment by Chad Redman (unc.edu) [ 12/May/20 ] |
Duplicated by GRP-2753. The underlying issue was creating a grouper session outside of a try/finally block. |
[GRP-2616] Add optional Content-Security-Policy header to UI Created: 17/Mar/20 Updated: 12/May/20 |
|
Status: | Resolved |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.5.0 |
Fix Version/s: | 2.5.28 |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman (unc.edu) | Assignee: | Chad Redman (unc.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
The Content-Security-Policy header tells the browser which external sites a page is allowed to access for css, javascript, images, etc. It can get flagged by security scans as missing. Tomcat by default sets some reasonable security headers, but the CSP isn't one of them, or even supported at all at the server level. Everyone needing this in Tomcat is expected to write their own servlet filter to add it.
|
Comments |
Comment by Chad Redman (unc.edu) [ 17/Mar/20 ] | ||||||||||||||
This is the csp header that is working for us at UNC. Grouper needs inline javascript including evals.
| ||||||||||||||
Comment by Chad Redman (unc.edu) [ 07/May/20 ] | ||||||||||||||
This could have been done with a grouper property, and then adding some code in GrouperUiFilter to add the header. But creating a separate Filter class is more effective, because it can be configured to apply to all pages, not just the ones covered by the GrouperUiFilter. To enable, add this to web.xml:
|
[GRP-2753] Visualization can't open object through links Created: 05/May/20 Updated: 12/May/20 |
|
Status: | Resolved |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.4.0.patch, 2.5.0 |
Fix Version/s: | 2.5.28 |
Type: | Bug | Priority: | Minor |
Reporter: | Chad Redman (unc.edu) | Assignee: | Chad Redman (unc.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Issue Links: |
|
Description |
I thought I had added the visualization links to the CSRF whitelist, but I don't see it. This needs /grouperUi/app/UiV2Visualization.groupView?* added to the whitelist, and then the errors should stop. |
Comments |
Comment by Chad Redman (unc.edu) [ 06/May/20 ] |
The real issue was that it was starting a new Grouper static session. Through a lot of dependent code, this caused the json builder for ajax to convert the user to a member, which had memberships, which threw errors when calling EVERY get method on a membership. Solution seems to be to put the session in a try/finally block. |
[GRP-2700] get memberships member paging first page is size 1 Created: 20/Apr/20 Updated: 12/May/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | WS |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
|
Comments |
Comment by Chris Hyzer (upenn.edu) [ 12/May/20 ] |
hmmm, i wrote this test in 2.5.27 which does not fail:
GrouperServiceLogicTest.testGetMembershipsPagingForMember |
[GRP-1285] move javadoc links from the wiki to grouper.io Created: 21/Apr/16 Updated: 12/May/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | wiki |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Documentation | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chad Redman (unc.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Issue Links: |
|
Description |
look on Grouper wiki for Java doc links and change them to https://internet2.github.io/grouper/ |
Comments |
Comment by Chad Redman (unc.edu) [ 25/Aug/19 ] |
May need an admin to do a global find and replace. I don't think I have this feature. For WS the changes to make are:
From: https://cdn.rawgit.com/Internet2/grouper/master/grouper-ws/grouper-ws/doc/api/XXXX.html?view=co From: http://anonsvn.internet2.edu/cgi-bin/viewvc.cgi/i2mi/trunk/grouper-ws/grouper-ws/doc/api/XXXX.html
But should also look for any other references to http://anonsvn.internet2.edu which are broken links. Links to cdn.rawgit.com may not need changing, since no other javadoc besides WS is in the main branch (that I know of) |
Comment by Chad Redman (unc.edu) [ 12/May/20 ] |
New permanent link is homepage: http://software.internet2.edu/grouper/doc/master/grouper-parent/index.html . The github.io links should be replaced with a redirect |
[GRP-2778] review re-org container commit Created: 10/May/20 Updated: 10/May/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | container |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hubing (internet2.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
please review last commit to v2.5.28 container which re-orgnizes files and completes a lot of recent requests |
[GRP-2775] group restore and graph counts over time. Created: 08/May/20 Updated: 09/May/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.5.27 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Michael Gettes (ufl.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
from slack: |
Comments |
Comment by Carey Black (osu.edu) [ 09/May/20 ] |
I generally like this whole idea. What I am concerned about is the complexity of "time travel". RE: 1) a “point in time” restore. If the "restore to T3" was selected then the process would create new events ( changes to the group ) of Basically "automatically pressing the "undo" button on events from the PIT log of group. And the new events would be sent to CLC as "normal". Then you end up with a branch in the timeline at T2 where a new "T6" starts. If you then "rewiind" to T1 at some later date I would think that T3,T4 and T5 should NOT be in the "undo button of events" list. ( But they would be in the linear timeline from T100 back to T1. ) So maybe it could be done.. if a PIT is marked as "already undone" then it could be skipped later...... I guess I think this really should be the same as "3) “play backward”" IMO. If the point of "restore to a point in time" is to just "get the old list of members" an "replace the group with that set" Then lots of "add/removes" might be skipped which could break CLC's until a "full sync" process squares things up again. And if that is the desire... then how about a way to "export members to file from a Point in time"? Then the user could "throw file at server" or figure out the delta and do something else on the remote side too. If there was also a "delta between point in time X and point in time Y" that could be helpful to see the "adds/removes" across time. ( And might be helpful to correct errant systems due to other kind of "external to Grouper" issues. ( System restore due to external systemDB failure, etc...) RE: 2) “play forward” |
[GRP-2777] Rules that set disabled/enabled dates need to support partial "days" Created: 08/May/20 Updated: 08/May/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 3 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
[https://spaces.at.internet2.edu/display/Grouper/Grouper+rules+use+case+-+Disabled-date+activation+when+added+to+same+group
You should be able to disable/enable a membership in less than a "full day". |
[GRP-1465] Folder/Group Structure template Created: 18/Jan/17 Updated: 08/May/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API, UI |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified | ||
Environment: |
All (Feature request) |
Description |
It would be very helpful if a Grouper install could be configured to have a set of "predefined structures" that could be used to quickly create a new variant of that predefined structure. I am trying to use "folder1:XXX" to show relitive group/folder names" and "REF:...: " to show absolute references to things outside the scope of "folder1:..." A very simple example of a template: This is a single folder template. ( but it could be a structure of folders) The "folder1:Users" group is a subtraction of "folder1:Allowed" - ( folder1:App Exclude Group + REF:REF2:REF4:REFN...:"master Exclude group") Folder1
The string for "Folder1" would be definable as the "New template" is created in the UI. [ It would be great if the strings could have a "variable replacement model" It would also be greate if ANY name in the template should support this kind of "place holder"/"Prompt string" concept. And the value should only be prompted for once. AKA: only one "New App Name" value will be collected, but it will be substituted into as many folder/groups/attribute values where the $$$New App Name$$$ exists in the template. However, the sub groups/folders and their predefined permissions (relative to "Folder1") would not be editable during the creation of the "APP-BOBsApp" folder. And the predefined members of other groups outside of "Folder1" would be auto added to the new folder/groups being built. This would allow a "Grouper Admin" to "template" a structure (of folders/groups) that would be created (new) or referenced existing (hard coded from outside of "folder1"). This "Template" could be identified as a "folder" (or Group) template. Then Users who are allowed to "Add" (group or folders) could select a template in the "Add a new Folder/Group/Template" process. If the logic is done generically enough, an "Extract Template" could also be added to use existing folder/group structures to create a new Template too. ( Basically clone what exists, make relative reference where possible and leave all other "external refs" in tact as "hard coded" pointers in the template. A Grouper Admin could then refine/correct the template as needed to make it more generally useful.) I am picturing a "template" folder/branch similar to the Grouper Administration -->attribute folder to store the template definitions and allow the Grouper Admins to edit/maintain them there. |
[GRP-2766] provide for deleting empty groups in UI Created: 07/May/20 Updated: 07/May/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.5.27 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Michael Gettes (ufl.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
From Slack: |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 07/May/20 ] |
can you please give a specific flow of what screen and button and text and options the user should see? Thanks! |
[GRP-2770] review recent commits to grouper container Created: 07/May/20 Updated: 07/May/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Comments |
Comment by Chris Hubing (internet2.edu) [ 07/May/20 ] |
They seem ok to me. Commit to a non-prod looking branch and let Jenkins do its build, test and push. And, I can test it. |
[GRP-2761] add the ability to stash all custom files/configs into the DB. Created: 07/May/20 Updated: 07/May/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | New Feature | Priority: | Major |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
If then the setup/customization's/maintenance of the image would become be greatly reduced for deployers. ( since all the data/files are in the DB instead of the image. ) Off the top of my head I can think of these items as examples:
Also ( maybe ) the ability to reset a local auth password ( from the DB config data) on startup could be useful too. ( Thinking about that one special "when everything else can't login" account....) There likely need to be a way to "skip this step" on INITIAL container startup too. |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 07/May/20 ] |
Chris Hubing (internet2.edu) please give feedback and assign back to me |
Comment by Chris Hubing (internet2.edu) [ 07/May/20 ] |
It's an interesting idea and seems like it would take more work in the upstream Grouper code than the container (e.g. interface to upload the logo). Some initials thoughts: If this could make a breaking change, someone would to know how to revert the db instead of just a config file in version control (maybe it's not that big of a deal if you're doing decent DB snapshots). SQL injection could cause an attacker to be able to insert something that could be copied out to somewhere on the filesystem. Could this be for any arbitrary file or just limited to the path in the Grouper app area?.. and, ya know... don't let SQL injection happen. Both of those don't seem that big of a deal. Some code would have to be written to connect to the DB in the grouper.hibernate.properties and do the appropriate call, yank out the artifact and create in the specified location. Would that be best for java to do, since you already have that initial thing written, or could it just be a gsh argument (e.g. gsh copycustomizations). Those are my thoughts, now assigning back to Hyzer.
|
[GRP-2746] never do the same push to dockerhub twice Created: 04/May/20 Updated: 07/May/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hubing (internet2.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
To make the builds immutable, is there a way to change jenkins to not push to dockerhub if there is already a build with that tag there? |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 07/May/20 ] |
or only build if tag applied, not by any commit |
[GRP-2704] Providing alternate ways of providing Azure userPrincipalName instead of auto generating Created: 22/Apr/20 Updated: 06/May/20 |
|
Status: | Resolved |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | 2.5.27 |
Type: | New Feature | Priority: | Minor |
Reporter: | Amit Poddar | Assignee: | Chad Redman (unc.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
CC: |
Chris Hyzer (upenn.edu)
|
Description |
Hi, It was great news when azure provisioner was announced today with support for Unified groups. I was waiting to use it, but one small restriction does not make it usable for us. It looks like userPrincipalName is generated from <uid>@<tenant.id>. There is an option to configure the first part, but looks like the second part is not configurable. We use AzureADSync to sync our users and the userPrincipalName in our case is yale.edu but the tenant id is yaleedu.onmicrosoft.com. The cloud users will have the later as a suffix to there userPrincipalName, but user synchronized from on-premise AD using Azure AD sync will have yale.edu as the suffix. Would it be possible to provide a possible list of domain values for the UPN suffix, and maybe a priority order to try to find a user or at least provide a way to specify the Azure UPN as a attribute on the subject directly so that the code does not have to generate the UPN Thanks, Amit (Yale University)
|
Comments |
Comment by Amit Poddar [ 22/Apr/20 ] | ||
Hi, It looks like there is a parameter called domain, which by default is set to tenantId, that I can set which is used for adding users to a group. But in remove member method, the code seems to be directly using tenantId instead of domain. I would have assumed that domain would be used in both places, and then my requirement will be met. Would it be considered a bug, or am I missing something? Thanks, Amit | ||
Comment by Chad Redman (unc.edu) [ 23/Apr/20 ] | ||
The removeMembership () method using tenantId instead of domain is a bug. I'll work on this. I think longer term there may be use for a jexl. For example different principals depending on the subject, fallback to alternate attributes, or string manipulation of the attribute value. | ||
Comment by Amit Poddar [ 23/Apr/20 ] | ||
Hi, In my opinion, longer term adding the feature that one of the subject attribute provides a complete userPrincipalName could be much simpler, where the the userPrincipalName logic could be hosted inside the subject source. What's your opinion? Thanks, Amit | ||
Comment by Chad Redman (unc.edu) [ 24/Apr/20 ] | ||
Something like this?
So it will just use azurePrincipal if it's defined, otherwise it will construct based on the existing method. Could something like that be used with your subject source? There is a lot of flexibility in the expression. Just one example, look it up from a hash map keyed on an attribute.
| ||
Comment by Amit Poddar [ 24/Apr/20 ] | ||
Hi, In our case as of now, the first option makes sense since we have the UPN in our subject source already. But I can see the value of the expression you are suggesting for other cases and maybe in our case also in future. Maybe a combination of both could be a long term solution, why choose if we can have both? Thanks, Amit | ||
Comment by Chad Redman (unc.edu) [ 01/May/20 ] | ||
Added both `upnAttribute` and `subjectJexl`. If the first property is defined as a subject's attribute, it will use it directly and skip any calculations. The subjectJexl will work as noted above. If the result of either of these is blank, it will fall back to another method, in the order of upnAttribute -> subjectJexl -> idAttribute + domain. | ||
Comment by Amit Poddar [ 06/May/20 ] | ||
Chad, Does the version 2.5.27 have all the changes mentioned? | ||
Comment by Amit Poddar [ 06/May/20 ] | ||
Ignore my comment, I just realized the version is in the header. Stupid me.
Thanks | ||
Comment by Amit Poddar [ 06/May/20 ] | ||
Chris, I had created this Jira, but we are running 2.4 so I cannot use the container. Is there a way to get a new version of provisioner jar, or should I have to build from source? Thanks, |
[GRP-2735] Ui loader diagnostics for SUBJECT_ID_OR_IDENTIFIER reports error Created: 02/May/20 Updated: 05/May/20 |
|
Status: | Resolved |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.4.0, 2.5.0 |
Fix Version/s: | 2.5.27 |
Type: | Bug | Priority: | Minor |
Reporter: | Chad Redman (unc.edu) | Assignee: | Chad Redman (unc.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Wiki states that a group loader can have a column for SUBJECT_ID_OR_IDENTIFIER. However, when running diagnostics in the UI, there is an error. SQL:
Error
|
[GRP-2747] grouper startup should use DB locking (like DDL) when creating objects Created: 04/May/20 Updated: 04/May/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-2736] Membership tab ( on Members, Groups, etc...) should have more "sort/filter" options Created: 02/May/20 Updated: 02/May/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API, UI |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
I find myself often wanting to answer questions like: If the default filter options could allow / help a user know the above it would be much more helpful than the existing UI list filtering. Specifically, the following would be helpful: Limit to: ( prefer drop-down lists based on values from the data set, Created by user : Null allowed for "all" or a drop-down lists of all users who created the object(s) being filtered. Examples: Creators of all members in a group, Creators of all objects in a Stem, |
[GRP-2727] don't display the "+ Add members" button on a composite group Created: 28/Apr/20 Updated: 28/Apr/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 1 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
If the user does not have "update" to the composite then the "+ Add members" button is not displayed. However if they do have "update" ( on the group ) then the user can push the button and it displays a message "Note: you cannot add members to a composite group. You can add members to one of the factors. Click more to see composite information." This is not really helpful to a user. ( It is producing confusion. ) It seems more helpful to either: Hide the button for composite groups regardless of Update privileges to the group. ( Please, do this. ) |
Comments |
Comment by Carey Black (osu.edu) [ 28/Apr/20 ] |
Carey Black Chris Hyzer Carey Black I am very ok with attribute driven flows in the UI. ( A bit harder to maintain than a visualization..... but it is better than the current message box too. ) Carey Black |
[GRP-2726] add parameters to pit attribute value view so it shows value rows Created: 28/Apr/20 Updated: 28/Apr/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
e.g.
|
[GRP-2721] add daemon configuration UI screen Created: 26/Apr/20 Updated: 26/Apr/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Vivek Sachdeva (google.com) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
https://spaces.at.internet2.edu/display/Grouper/Daemon+configuration |
[GRP-2720] By default, the status page shouldn't show information like group names Created: 26/Apr/20 Updated: 26/Apr/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Shilen Patel (duke.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
One concern is that groups that can be displayed on the status page may not have public view access so everybody should not be privileged to know that those groups even exist. By default, the status page is publicly available right now. Note that some enhancements have already been done in |
[GRP-2715] fix registry deep check, it tries to add foreign keys twice Created: 24/Apr/20 Updated: 24/Apr/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-2706] allow loader diagnostics to run from command line Created: 23/Apr/20 Updated: 23/Apr/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-2683] Package base properties into their respective jars Created: 15/Apr/20 Updated: 22/Apr/20 |
|
Status: | Resolved |
Project: | Grouper |
Component/s: | API, provisioning, UI, WS |
Affects Version/s: | None |
Fix Version/s: | 2.5.23 |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman (unc.edu) | Assignee: | Chad Redman (unc.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
If you use grouper jars outside of the container, you no longer need to have the base properties file in the classpath. Just use the jar and you can have the non base properties file in the classpath. In fact, if you use a base properties file in your classpath, you might want to remove it, so when you upgrade the jar you automatically get the new base properties (in the jar). If you need to refer to the base properties file, you can unzip the jar and grab it, or you can git it from git. |
Comments |
Comment by Chad Redman (unc.edu) [ 15/Apr/20 ] |
The only one missing properties was the grouper jar. These are now added to the jar:
GrouperClient and activeMq already had their base properties packaged. |
Comment by Chris Hyzer (upenn.edu) [ 16/Apr/20 ] |
i assume this will be fixed in 2.5.23. |
[GRP-2416] folder menu tree add options to limit attributeDef and attributeDefNames Created: 09/Nov/19 Updated: 17/Apr/20 |
|
Status: | Resolved |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.4.0 |
Fix Version/s: | 2.4.0.patch, 2.5.0 |
Type: | New Feature | Priority: | Minor |
Reporter: | Chad Redman (unc.edu) | Assignee: | Chad Redman (unc.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
There are existing grouper-ui properties to limit the number of stems (uiV2.treeStemsOnIndexPage:30) and groups (uiV2.treeGroupsOnIndexPage:30) that are displayed in the folder menu tree. The tree also displays attributeDef and attributeDefName items. But there is a hard limit of 10 items, and this is in Java code and not configurable. |
Comments |
Comment by Chad Redman (unc.edu) [ 09/Nov/19 ] |
master branch 24e90474. Should this be a 2.4 patch? |
Comment by Chad Redman (unc.edu) [ 17/Apr/20 ] |
2.4 patch grouper_2_4_0-a84-u52-w10-p12 |
[GRP-2668] Azure provisioner can't remove members if idAttribute != "uid" Created: 12/Apr/20 Updated: 17/Apr/20 |
|
Status: | Resolved |
Project: | Grouper |
Component/s: | provisioning |
Affects Version/s: | 2.5.20 |
Fix Version/s: | 2.5.23 |
Type: | Bug | Priority: | Minor |
Reporter: | Chad Redman (unc.edu) | Assignee: | Chad Redman (unc.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Regression happened during refactoring. When setting idAttribute to a fields other than the default "uid", the Azure provisioner can add members, but can't remove them. |
[GRP-2669] Azure provisioner add optional proxy setting Created: 12/Apr/20 Updated: 17/Apr/20 |
|
Status: | Resolved |
Project: | Grouper |
Component/s: | provisioning |
Affects Version/s: | 2.5.20 |
Fix Version/s: | 2.5.23 |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman (unc.edu) | Assignee: | Chad Redman (unc.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Proposed: changeLog.consumer.o365.networkProxyType = http |
Comments |
Comment by Chad Redman (unc.edu) [ 17/Apr/20 ] |
+ #changeLog.consumer.o365.proxyType = [http | socks]
Does not support authenticated SOCKS5 at this point. |
[GRP-2670] Azure provisioner add optional property for group visibility Created: 12/Apr/20 Updated: 17/Apr/20 |
|
Status: | Resolved |
Project: | Grouper |
Component/s: | provisioning |
Affects Version/s: | 2.5.20 |
Fix Version/s: | 2.5.23 |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman (unc.edu) | Assignee: | Chad Redman (unc.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Groups in azure have a visibility of Private, Public, or Hiddenmembership. The default is Public, which is not always desired. Note, this only matters for Unified groups, so is dependent on |
[GRP-2691] Azure provisioner add configurable mail nickname and description Created: 17/Apr/20 Updated: 17/Apr/20 |
|
Status: | Resolved |
Project: | Grouper |
Component/s: | provisioning |
Affects Version/s: | 2.5.22 |
Fix Version/s: | 2.5.23 |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman (unc.edu) | Assignee: | Chad Redman (unc.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
The Azure changelog provisioner, as developed by Unicon, defaults the mail nickname to the group uuid with no way to change it. This should be easily configurable with Jexl expressions. It also defaults the group description to the Grouper group uuid. For normal membership add/deletes, it can get the Azure id from the o365GroupId attribute. But for group deletions, the PITGroup description was a quick way to retrieve the Azure groupId from the deleted Grouper group without navigating associated PITAttribute queries. This can be refactored to use the PITAttributeAssignValue of the o365GroupId, thus removing the dependence on group description, and freeing it up for arbitrary values. |
[GRP-2690] Group configuration to limit total number of memberships Created: 16/Apr/20 Updated: 16/Apr/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
There are times that limiting the number of members in a group has value. It would be helpful to have data driven (attribute based) limits that could control the and a "only subject sources" list too. Suggested: Throw a veto of the membership add when a violation happens. Example uses: source "g:isa" could be excluded ( by setting MAX =0 ) if nesting groups are disallowed. etc.... I picture a set of attributes like: NOTE: if multiple subject sources need to be limited, then having "ref groups" ( that are each limited to a smaller number) that are embedded in other ref groups with the total max enforced there. |
[GRP-2489] add optional entity (subject) input to group or folder visualization Created: 18/Dec/19 Updated: 16/Apr/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chad Redman (unc.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | GRP-2489Idea0.png GRP-2489Idea.png image-2019-12-19-10-03-09-646.png |
Description |
you take a policy, you input a person, and it lights up red and green with where the user is in or not in groups. you can more easily see why the user is in or is not in the policy...
|
Comments |
Comment by Chris Hyzer (upenn.edu) [ 19/Dec/19 ] |
Jeffrey Williams (uncg.edu) Yes, there are multiple ways to analyze a membership. Maybe there should be a link there too. But dont you think the entity combobox should be at the top of the visualization screen instead? Thanks |
Comment by Jeffrey Williams (uncg.edu) [ 19/Dec/19 ] |
Some thoughts: I like the idea of this functionality and think it is great for illustrating to others how an entity's membership flows through a policy. Do we think there is a desire to have a traceMembership style of presentation as well? It's possible the two can be combined on one page, but a separate presentation would certainly work.
Next thing I thought of was where more casual users would have occasion to ask this question. First that came to mind was while using the the membership filter. During filtering events where a filter for an entity returns 0 results, but a user would like to know why a user isn't there(screengrab illustrates a population group, which may also be applicable), a link could be presented to kick off the analysis for that particular entity.
Also, if a user knows an entity is not in a policy up front and wants to know why, perhaps we can re-use the filter menu and add an additional drop-down to switch between filtering actions and policy membership analysis?
|
Comment by Chris Hyzer (upenn.edu) [ 19/Dec/19 ] |
yes, the more the better as far as where to look for features Chad, lets discuss this before starting |
Comment by Jon Miner [ 26/Dec/19 ] |
I love this idea, both ways. The visualization would be great (and drilling down ad infinitum), but our support (service owners and HD) often just want to look at a group and see which of the groups (presumably ref groups, but maybe just other groups they've created) someone is in or isn't in, not recursing. I'm comfortable (especially in v1) making them click in to the next group (assuming they have READ, if not, they can't) to continue looking, as it'll help reduce confusion and assumptions (especially from HD who can see a bunch of things that they don't necessarily understand). |
[GRP-2490] permission names not in left tree menu Created: 18/Dec/19 Updated: 16/Apr/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chad Redman (unc.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
I sent an email that I didnt want to be in Jira with an example screenshot... |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 18/Dec/19 ] |
From: Hyzer, Chris
Well the jira is there we can troubleshoot at some bug roundup, no biggie. Maybe the AttributeDefNameFinder defaults to “attribute” type…
From: Redman, Chad <chad_redman@unc.edu>
They should show up if they are returned by AttributeDefNameFinder() and have ATTR_VIEW_PRIVILEGES for the subject (unless there is a bug). Are permission names different enough that they wouldn't be returned by that? I'm not familiar with them. They just happen to have the same icon?
From: grouper-core-request@internet2.edu [grouper-core-request@internet2.edu] On Behalf Of Hyzer, Chris
Does left menu show attribute names but not permission names (which are a type of attribute name)? See its not in left folder? |
[GRP-2491] add "implies action" visualization Created: 18/Dec/19 Updated: 16/Apr/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chad Redman (unc.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
For an attribute definition, if it is of type "permission", then add a "More actions" menu item that is "Visualization" That subpage should allow two possibilities
Here is example from legacy applet just for reference, doesnt need to be anything like this https://www.youtube.com/watch?v=DzBvOteaXJM Actions should point from the action that implies the other action to the action it implies (container to containee) The permission actions UI tab should have a simple link to Visualize all actions These visualizations should have similar controls as the other visualizations where it has max elements (e.g. 1000), and can share or have other configs as needed. Simpler the better though
|
[GRP-2492] add "implies resource" visualization Created: 18/Dec/19 Updated: 16/Apr/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chad Redman (unc.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
For an attribute definition, if it is of type "permission", then add a "More actions" menu item that is "Visualization" That subpage should allow two possibilities
Here is example from legacy applet just for reference, doesnt need to be anything like this https://www.youtube.com/watch?v=DzBvOteaXJM Attribute names that are from a permission def which is of type "permission" should have a Visualize button in the "More actions" that visualizes that one permission name in both directions (implies and implied by) These visualizations should have similar controls as the other visualizations where it has max elements (e.g. 1000), and can share or have other configs as needed. Simpler the better though Link the visualization from the resource hierarchy screen
|
[GRP-2493] add Grouper permission role hierarchy visualization Created: 18/Dec/19 Updated: 16/Apr/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chad Redman (unc.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
For groups that are roles, in the existing visualization screen, there should be a submenu to be able to visualize role hierarchies. arrows from roles to the roles whose permissions they absorb e.g. from Superadmin -> Admin For folders, in visualization, have a visualization option in the visualization screen that allows visualization for all roles in that folder (and subfolder). find groups which are also roles in one query. link from role hierarchy screen UiV2Main.index?operation=UiV2Role.roleEditInheritance&groupId=8496 |
[GRP-2663] minor updates to DDL Created: 09/Apr/20 Updated: 16/Apr/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | 2.5.22 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Update the tests and remove from print statements
|
[GRP-2413] Allow loader jobs to be triggered by another job completion, not time-based Created: 07/Nov/19 Updated: 16/Apr/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | grouperLoader |
Affects Version/s: | 2.4.0 |
Fix Version/s: | None |
Type: | New Feature | Priority: | Minor |
Reporter: | Chad Redman (unc.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Currently, loader jobs are all time-based. So if it depends on the results of another loader job, and the job takes longer than expected, the second job could be acting prematurely on old data. So the only option is to schedule them far apart, and hope the first job doesn't run too long. This issue can be solved by having a job that is triggered by the success of another job. Since the job is dependent on the data created by another job, it should be triggered any time the first job runs, even if it is kicked off at an arbitrary time. |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 16/Apr/20 ] |
note you can easily do this with an other job gsh script https://spaces.at.internet2.edu/pages/viewpage.action?pageId=166661325 |
[GRP-2673] have table in db that keeps track of when caches should be refreshed Created: 13/Apr/20 Updated: 13/Apr/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Right now in the DB config we use a config entry that indicates if any config has changed. this should be in a separate table so we arent having point in time churn when we keep track of dbConfig point in time This is in config item:
This would be a two col table with a label and an integer (millis since 1970). The label can be used for things to know when something is updated. The grouper JVM can centrally poll this whole table every so often (min 10 seconds configurable, and as needed) to see when things have changed. grouper_cache_notification Col: label varchar(30) PK and index Col: millis_since_1970_when_changed index
|
[GRP-2674] grouper config in database should be able to store more than 4k Created: 13/Apr/20 Updated: 13/Apr/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
hits limit when storing large keys in config |
[GRP-2667] external systems in ui Created: 11/Apr/20 Updated: 11/Apr/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
[GRP-2664] all daemon jobs screen add filter by number of changes Created: 10/Apr/20 Updated: 10/Apr/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | 2.5.0 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chad Redman (unc.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
In a loader job that runs frequently, there are a lot of log rows that don't show anything interesting. If it had the ability to filter out logs where there were no changes, it would make it quicker to locate the runs where the job made some change. Maybe separate filters for add/update/delete, for minimum count to include in the results? |
[GRP-2662] installer says registry init was not successful but it was Created: 09/Apr/20 Updated: 09/Apr/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | grouperInstaller |
Affects Version/s: | 2.5.22 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Vivek Sachdeva (google.com) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Attachments: | gshOutput.txt |
Description |
Note: chris made some ddl changes, maybe that was it. Are we waiting 20 seconds after thinking a container is done? I think there is a delay there
Here is the full log
docker logs gsh attached |
[GRP-2652] add changelogconsumer queue count to diagnostics output Created: 08/Apr/20 Updated: 08/Apr/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | WS |
Affects Version/s: | 2.5.0 |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Michael Gettes (ufl.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
2.5 latest - please consider adding the queue/backlog count to the WS status diagnostics.
------------------
------------------ the 7829 is the number of entries to be processed by the changelog consumer. Would like to enable nagios monitors to look for threshold in the queue count to notify of problems. An entry such as |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 08/Apr/20 ] |
number of records might not be ideal. it might be 100k but will be processed in a minute. maybe the amount of time it has been processing? its going to change before too long since we hopefully will be processing records out of order...
|
[GRP-2556] invitation: option to not try and add user to external subjects source if they exist Created: 16/Jan/20 Updated: 06/Apr/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | 2.5.20 |
Type: | Improvement | Priority: | Minor |
Reporter: | Paul Caskey (internet2.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 1 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
CC: |
Chris Hubing (internet2.edu), Erin Murtha (internet2.edu)
|
Description |
We would like to use Grouper's invitations, but, in our case, our system will force all users to register before getting to any of the apps. So, when a user arrives at the Grouper UI to accept an invitation, they will always exist in the main/ldap subject source. We'd like Grouper to check to see if the user exists in other subject sources before adding them to the external subjects source (which triggers an error when they already exist in a different source). |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 06/Apr/20 ] | |
you need to add this to grouper-ui.properties (or config in database) with source(s) which could contain users you are looking for:
|
[GRP-2643] add option in install container to use Dockerfile Created: 05/Apr/20 Updated: 05/Apr/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Vivek Sachdeva (google.com) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Ask if the user wants to use a dockerfile, If it doesnt exists in the root install direcotry whatever they identified (parent dir of slashRoot?), if there is no Dockerfile, create one, and start it out with:
Maybe tell them to hit <Enter> when they are done customizing... then build the container (ask them for name), and go from there?
This is not urgent, so when you are bored |
[GRP-2633] Status url ( maybe something in the UI for "admin/Wheel only users") to verify the current group version with the "latest info" about that version. Created: 01/Apr/20 Updated: 01/Apr/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | UI |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Since the current plan is for people to manually check a wiki page it would be helpful if that was baked into the "Grouper monitoring" process too. This would allow deployed versions to:
|
[GRP-2632] java.lang.RuntimeException in a LDAP_GROUP_LIST loader that worked correctly in grouper 2.3 Created: 01/Apr/20 Updated: 01/Apr/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | grouperLoader |
Affects Version/s: | 2.4.0 |
Fix Version/s: | None |
Type: | Bug | Priority: | Major |
Reporter: | Nicolas Marcotte (usherbrooke.ca) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
We are currently migrating/upgrading our grouper 2.3 to the containerized 2.4 and we have run into a major difference of behavior between the LDAP implementations of Grouper 2.3 and the two from 2.4^1^ that cause a loader that used to run correctly on 2.3 to produce the following stack trace:
This exception occurs when an attribute declared in "Extra LDAP attributes"2 ** is absent in some results rows (it is normal for optional attributes to be absent). I initially traced the bug to that faulty construct in GrouperLoaderResultset :
And I feel that the correct patch would be to add the following condition :
before https://github.com/Internet2/grouper/blob/5e07ec70005ef066acf9505bcb7329a5a6c9a991/grouper/src/grouper/edu/internet2/middleware/grouper/ldap/ldaptive/LdaptiveSessionImpl.java#L759 and https://github.com/Internet2/grouper/blob/5e07ec70005ef066acf9505bcb7329a5a6c9a991/grouper/src/grouper/edu/internet2/middleware/grouper/ldap/vtldap/VTLdapSessionImpl.java#L541
|
[GRP-2547] Remove full-sync at startup option Created: 09/Jan/20 Updated: 01/Apr/20 |
|
Status: | Resolved |
Project: | Grouper |
Component/s: | daemon |
Affects Version/s: | 2.4.0 |
Fix Version/s: | None |
Type: | Bug | Priority: | Trivial |
Reporter: | Jeffrey Williams (uncg.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified | ||
Environment: |
Grouper 2.4 container image |
Description |
An old holdover from PSP that gives the user the option of doing a full-sync at startup is logging at each startup. Not many(or any) have used its functionality and since it's from the old incarnation, should most likely be removed. |
Comments |
Comment by Jeffrey Williams (uncg.edu) [ 01/Apr/20 ] |
Resolved via commit 0585b65 on 2/06/2020. Tagged for Grouper 2.5.5 release. |
[GRP-2631] gsh command that will replace a left or right group in a composite without having to rebuild it Created: 01/Apr/20 Updated: 01/Apr/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | gsh |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Jeffrey Williams (uncg.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified | ||
Environment: |
N/A |
Description |
Note: assignCompositeMember(CompositeType, leftGroup, rightGroup), rebuilds it for the user in the function. The question becomes: how well does that scale and if it causes significant population churn with large factor groups as the composite is replaced? |
[GRP-2624] grouper client should be able to refer to subject attributes by name Created: 25/Mar/20 Updated: 25/Mar/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
e.g.
|
[GRP-2623] copying a group with attributes doesnt copy attributes Created: 25/Mar/20 Updated: 25/Mar/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
only copies legacy attributes? maybe more options there? |
[GRP-2621] installer upgrade from 2.3 to 2.4 will create a ui/ws WEB-INF/lib/grouper folder and put some jars there Created: 25/Mar/20 Updated: 25/Mar/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
move those jars to the parent folder and its fixed this log message shows that this is the problem:
|
[GRP-2620] sql sync must have columns in same order (if *) Created: 25/Mar/20 Updated: 25/Mar/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chris Hyzer (upenn.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Comments |
Comment by Chris Hyzer (upenn.edu) [ 25/Mar/20 ] |
workaround is just specify the columns |
Comment by Chris Hyzer (upenn.edu) [ 25/Mar/20 ] |
rowsWithEqualData=0 (even if there are rows with similar data) |
Comment by Chris Hyzer (upenn.edu) [ 25/Mar/20 ] |
you might need to edit the grouper_sync entry to set the last incremental index processed to get the incremental working |
[GRP-2614] ChangeLogConsumerBaseImpl group_updateGroup does not handle description changes et. al. Created: 14/Mar/20 Updated: 14/Mar/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | provisioning |
Affects Version/s: | 2.3.0, 2.4.0, 2.5.0 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Chad Redman (unc.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
The ChangeLogConsumerBaseImpl listener for group_updateGroup handles cases of a group rename. However, if some group property such as the display name or description changes, it's logged as "invalidPropertyChanged" and ignored. But it should be up to a subclass to decide whether it should handle change in these properties. There is a stub method in the class for updateGroup(). But it is moot for subclasses to implement this, since no changelog events call it. |
[GRP-2506] Add group name to membership attribute assignments screen Created: 25/Dec/19 Updated: 14/Mar/20 |
|
Status: | Reopened |
Project: | Grouper |
Component/s: | None |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Vivek Sachdeva (google.com) | Assignee: | Vivek Sachdeva (google.com) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
on this screen you should have a column for group |
Comments |
Comment by Vivek Sachdeva (google.com) [ 14/Mar/20 ] |
-Duplicate of https://todos.internet2.edu/browse/GRP-2143- Ignore the comment above. It's not a duplicate of
|
[GRP-2612] Can not create ldap group when target system users are not required Created: 10/Mar/20 Updated: 11/Mar/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | provisioning |
Affects Version/s: | 2.4.0 |
Fix Version/s: | None |
Type: | Bug | Priority: | Minor |
Reporter: | Zachary Hanson-hart | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified | ||
Environment: |
TIER container 2.4.0-80-u51-w10-p11-20191118 |
Description |
In LdapGroupProvisioner.java, in function createGroup, when it finds the values for the membership attribute, it does not honor needsTargetSystemUsers = FALSE, and categorically sets LdapUser ldapUser = getTargetSystemUser(subject). This call to getTargetSystemUser fails, and the group never ends up being created. Perhaps add a branch in the loop over initialMembers around line 348, like: if (!config.needsTargetSystemUsers()) { } (I don't know if config.needsTargetSystemUsers() is the right thing to check; I'm not very familiar with the code base). |
Comments |
Comment by Zachary Hanson-hart [ 11/Mar/20 ] |
I submitted PR #109 on gitlab to merge iisimaginary:GRP-2612 |
[GRP-2611] Loader jobs should be able to add attributes and values to Groups or memberships that are loaded Created: 06/Mar/20 Updated: 06/Mar/20 |
|
Status: | Open |
Project: | Grouper |
Component/s: | API, UI |
Affects Version/s: | None |
Fix Version/s: | None |
Type: | Improvement | Priority: | Minor |
Reporter: | Carey Black (osu.edu) | Assignee: | Chris Hyzer (upenn.edu) |
Resolution: | Unresolved | Votes: | 1 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
It would be helpful to be able to load "meta data" onto groups and/or memberships via loader jobs.
use cases could include data (for groups or memberships) like: "Last refreshed/updated" |