[Geoserver-devel] GeoServer PSC meeting, September 27th 2022

GeoTools / GeoServer PMC meeting - 2022-09-27

Attending

   - Torben Barsballe
   - Jukka Rahkonen
   - Andrea Aime
   - Jody Garnett
   - Kevin Smith

Actions from prior meetings:

   - N/A

Agenda

   1. Welcome page
   2. 2.22-RC release
   3. Exposing database column description in DescribeFeatures
   4. REST API and Swagger declarations
   5. pr-roundup/chit-chat

Actions

   - jody: contact michel about geoserver.css PR

Welcome page

Welcome page is "done" but not yet approved :)

Broken into PRs:

   - https://github.com/geoserver/geoserver/pull/6122 [GEOS-10058] Welcome Page Layout
   - https://github.com/geoserver/geoserver/pull/6198 [GEOS-10624] data directory ne workspace

Welcome page, last glitch with "spy vs spy" geoserver.css VS wicket
developer toolbar!

   - display:flex assumes all children will be div and styled with flex
   - magic wicket:panel picks up normal div styling and breaks this idea

#capabilities .flex-display wicket:panel {
    display: flex;
    gap: 25px;
    margin: 1.5em 0;
    flex-wrap: wrap;
}

Enabling developer mode, done with system variable:
-Dwicket.configuration=development

cite as the default workspace - is empty, can we use something else?
Perhaps topp?

   - Was set to be default during routine cleanup ~6 years ago
     <https://github.com/geoserver/geoserver/pull/1604>

Feedback from meeting:

   - todo: Include serviceCapabilities even if global services are off
   - todo: Make the ne the default workspace
   - consider: Cut back roads level of detail and attributes during RC phase, adjust tutorial to match
   - consider: Show default workspace if global services are off so GeoServer does not appear broken
   - note: OGCAPI services should migrate to ServiceDescription and they can support per-workspace / per-layer services

2.22-RC release

Looks like welcome and ne workspaces are good enough?

   - Anyone able to assist?
   - Jody have PRs merged
   - Branches?
   - Help on blog post? - andrea
   - Jenkins Jobs?

Anything outstanding?

GWC Security PRs

- just waiting on each other (have to be merged at the same time)

geoserver.css rewrite:

- collecting conflicts

- Michel working on extensions (required)

- Community modules (nice to have)

- Update developers guide (eventually done)

- Ask michel if he wants in for RC or after the release? Or save for 2.23 cycle …

Exposing database column description in DescribeFeatureType

Pick column remarks from databases, expose them as documentation in the XML
schema, optionally done with a flag in the datastore.

Using PropertyType getDescription(), and enabling with a flag.

REST API and Swagger declarations

We should include the swagger API in the REST API.

How do we link to the many Swagger files though? Each controller has one,
typically the sub-service has its own API linked from it.

If we are to include swagger UI in geoserver then the html pages could
include link to their api.

Andrea also talked about merging them all into one api, to link to from
welcome page (for admins).

Gabe worked on doing some client generation; how did that go?

Good ideas, funding required :)

pr-roundup/chit-chat

Foss4g presentation on cloud native geoserver:

   - faster catalog implementation, multi-threaded loader? Would love to know more …
   - going back to combined geoserver microservice; rather than geoserver wms / wfs / wcs microservices
   - microservice catalog? services are so chatty it would make things slow?
   - So what is split?
      - gui and rest api are distinct microservices
      - have options of distinct wms, wfs, wcs microservices
   - Wait for video …

Covered above?

   - I saw the user parameterized PR go through? Is that not risky …

I don’t think we discussed this yesterday. Can you elaborate where the risk is coming from?
Environment parametrization of the data directory allows adding placeholders in the configuration, and expanding the placeholders based on values found in a property file… were you thinking about user provided variables, used in SLD via the env function, instead?

Cheers
Andrea


GeoServer Professional Services from the experts!

Visit http://bit.ly/gs-services-us for more information.

Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions Group
phone: +39 0584 962313

fax: +39 0584 1660272

mob: +39 339 8844549

https://www.geosolutionsgroup.com/

http://twitter.com/geosolutions_it


With reference to the legislation on the processing of personal data (EU Reg. 2016/679 - General Data Protection Regulation “GDPR”), please note that every circumstance relating to this email (its content, any attachments, etc.) is data whose knowledge is reserved to the sole recipient(s) indicated by the sender. If this message has reached you in error, you are required to delete it; any other operation is unlawful. I would nevertheless be grateful if you could notify me.

This email is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential or otherwise protected from disclosure. We remind that - as provided by European Regulation 2016/679 “GDPR” - copying, dissemination or use of this e-mail or the information herein by anyone other than the intended recipient is prohibited. If you have received this email by mistake, please notify us immediately by telephone or e-mail

We did not, I believe I missed the discussion where the feature was proposed. I like to be careful when setting up any avenue for external control of geoserver security.

I assume this is for controlling geoserver security via external environmental variables, say for docker image? While I could see it being useful to manage the credentials for one user (say admin or root).

The docs modified during the PR are here on the password policy page, however they contain an example specific to the XML user/group service based on users.xml file. Can the approach be used for roles service also?

Recommend:

···


Jody Garnett

> We did not, I believe I missed the discussion where the feature was proposed.

There was no discussion on the list, but PRs, comments on PRs, and ticket are notified to all developers
(unless they made moves to filter out those mails, we have no control over that).

The PR in question is here, it received reviews from two different parties:
https://github.com/geoserver/geoserver/pull/6187

The PR has been open for 3 days, while I understand it’s a short time to gather more reviews,
it should have been enough for a “hey I’m interested in looking deeper in this one, can you hold up?”
or “I believe this warrants a discussion”.
While you did not add any such comment, I saw you comment once on the Jira ticket in the past:
when there is a PR, please comment on Github instead.
Jira notifies only the people directly involved in the ticket, Github notifies all of the
devs in the “geoserver team” group. When you raise your hand for something important,
best to do it so that it reaches all devs.

We can also argue whether this is a new feature or an improvement, as it extends an existing
functionality to other areas (see below).

> I like to be careful when setting up any avenue for external control of geoserver security.

I agree we need to be careful. However, this “external” is a property file set by the administrator,
not something user provided.
The functionality itself has been available since 2016 and has so far been used to
externalize location of data sources and credentials for them (as well as for blobstores and the like).
The PR adds one more bit in what can be parameterized.

> I assume this is for controlling geoserver security via external environmental variables, say for docker image? While I could see it being useful to manage the credentials for one user (say admin or root).

Let’s have a look at the environment parametrization first line:

> Environment parametrization allows to parameterize some of the settings in GeoServer’s catalog by means of a templating mechanism to tailor GeoServer’s settings to the environment in which is run.

The ability to parameterize user passwords fits into this theme (if we want to be picky, env parametrization has gone beyond just “catalog” years ago, encompassing bits of GWC for example).

> The docs modified during the PR are here on the password policy page, however they contain an example specific to the XML user/group service based on users.xml file. Can the approach be used for roles service also?

The original target was for XML files, and the first approach was to actually modify only that one.
During implementation discussion I suggested implementing a wrapper around a UserDetailService instead (less conditional logic, more general, easier to understand).
As a result, while completely untested, it might work for other user detail services as well. Before documenting this as available, I suggest the interested
parties do some testing and verify it’s actually working, before adding documentation that might sway users the wrong way.

> Recommend:

The current position is a good match for what we know about the implementation, it definitely works on XML user services, might work on others
but testing it was out of the ticket scope. Some other devs can test over LDAP, JDBC or their preferred alternative user source and
add a documentation example accordingly.

Based on the above, nope, but it can definitely link to passwd.rst

Cheers
Andrea
