aws / res

Research and Engineering Studio (RES) is an AWS supported open source product that enables IT administrators to provide an easy-to-use web portal for scientists and engineers to run technical computing workloads on AWS.
https://github.com/aws/res
Apache License 2.0

[2024.04.02 and earlier] Fails to sync AD user whose SAMAccountName attribute includes capital letters or special characters #42

Closed junbo75 closed 5 months ago

junbo75 commented 6 months ago

Bug description

RES fails to sync AD users after SSO is set up for at least two hours (two AD sync cycles). The cluster-manager CloudWatch logs (under the <environment-name>/cluster-manager log group) include the following error during AD sync:

Error: [INVALID_PARAMS] Invalid params: user.username must match regex: ^(?=.{3,20}$)(?![_.])(?!.*[_.]{2})[a-z0-9._]+(?<![_.])$

The error results from RES only accepting SAMAccount username with the following requirements:

Affected versions (OSes, schedulers)

2024.04.02 and earlier

Mitigation

  1. Download patch.py and samaccountname_regex.patch by replacing <output-directory> with the directory to download the patch script and patch file in the command below:
     a. The patch only applies to RES 2024.04.02.
     b. The patch script requires AWS CLI v2, Python 3.9.16 or above, and Boto3.
     c. Configure the AWS CLI for the account / region where RES is deployed, and make sure that you have S3 permissions to write to the bucket created by RES.

OUTPUT_DIRECTORY=<output-directory>

curl https://research-engineering-studio-us-east-1.s3.amazonaws.com/releases/2024.04.02/patch_scripts/patch.py --output ${OUTPUT_DIRECTORY}/patch.py

curl https://research-engineering-studio-us-east-1.s3.amazonaws.com/releases/2024.04.02/patch_scripts/patches/samaccountname_regex.patch --output ${OUTPUT_DIRECTORY}/samaccountname_regex.patch

  2. Navigate to the directory where the patch script and patch file are downloaded. Run the following patch command:

python3 patch.py --environment-name <environment-name> --res-version 2024.04.02 --module cluster-manager --patch samaccountname_regex.patch

  3. Restart the Cluster Manager instance for your environment by replacing <environment-name> with the name of your RES environment in the commands below. You may also terminate the instance from the Amazon EC2 Management Console.

ENVIRONMENT_NAME=<environment-name>

INSTANCE_ID=$(aws ec2 describe-instances \
    --filters \
    Name=tag:Name,Values=${ENVIRONMENT_NAME}-cluster-manager \
    Name=tag:res:EnvironmentName,Values=${ENVIRONMENT_NAME} \
    --query "Reservations[0].Instances[0].InstanceId" \
    --output text)

aws ec2 terminate-instances --instance-ids ${INSTANCE_ID}

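An added example, not part of the original issue or of the RES code base: a pre-check that runs the regex quoted in the error message above over a list of sAMAccountName values and reports which ones fail it and why, so the accounts that would block AD sync can be identified before a sync cycle. The function names and the sample account names are constructed for illustration.

```python
import re

# Username rule copied from the cluster-manager error message in this issue.
RES_USERNAME_RE = re.compile(
    r"^(?=.{3,20}$)(?![_.])(?!.*[_.]{2})[a-z0-9._]+(?<![_.])$"
)


def explain_rejection(sam):
    """Return the reasons the regex rejects `sam`; an empty list means it matches."""
    if RES_USERNAME_RE.match(sam):
        return []
    reasons = []
    if not 3 <= len(sam) <= 20:
        reasons.append("length outside 3-20")
    if re.search(r"[A-Z]", sam):
        reasons.append("capital letter")
    # Anything that is neither an ASCII letter, a digit, '.' nor '_'.
    bad = sorted(set(re.findall(r"[^A-Za-z0-9._]", sam)))
    if bad:
        reasons.append("character not in [a-z0-9._]: " + " ".join(map(repr, bad)))
    if sam.startswith(("_", ".")) or sam.endswith(("_", ".")):
        reasons.append("starts or ends with '_' or '.'")
    if re.search(r"[_.]{2}", sam):
        reasons.append("consecutive '_' or '.'")
    return reasons


def audit(sam_names):
    """Map every rejected sAMAccountName to the list of reasons it fails."""
    report = {}
    for name in sam_names:
        reasons = explain_rejection(name)
        if reasons:
            report[name] = reasons
    return report


# Constructed sample values, not taken from any real directory.
SAMPLE = ["jdoe", "JSmith", "svc-backup", "a.b_c", "_admin", "x..y", "ab",
          "engineering.user.0001"]

if __name__ == "__main__":
    for name, reasons in audit(SAMPLE).items():
        print(f"{name!r}: {'; '.join(reasons)}")
```
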
junbo75 commented 5 months ago

The fix is included in the 2024.06 release. Closing the issue now.