search

aws / res

Research and Engineering Studio (RES) is an AWS supported open source product that enables IT administrators to provide an easy-to-use web portal for scientists and engineers to run technical computing workloads on AWS.
https://github.com/aws/res
Apache License 2.0
82 stars 17 forks source link

[2024.06] Apply snapshot fails when AD group name contains spaces #49

Open ravipranjal opened 5 months ago

ravipranjal commented 5 months ago

Bug description

RES 2024.06 fails to apply snapshots from prior versions if the AD groups contain space(s) in their name(s).

The cluster-manager CloudWatch logs (under the /cluster-manager log group) will include the following error during AD sync:

[apply-snapshot] authz.role-assignments/<Group name with spaces>:group#<projectID>:project FAILED_APPLY because: [INVALID_PARAMS] Actor key doesn't match the regex pattern ^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{1,20}:(user|group)$

The error results from RES only accepting group names with the following requirements:

Affected versions

2024.06

Mitigation

Download patch.py and groupname_regex.patch by replacing <output-directory> with the directory to download the patch script and patch file and <environment-name> with the name of your RES environment in the command below: a. The patch only applies to RES 2024.06 b. The patch script requires AWS CLI v2, Python 3.9.16 or above, and Boto3. c. Configure the AWS CLI for the account / region where RES is deployed, and make sure that you have S3 permissions to write to the bucket created by RES.

OUTPUT_DIRECTORY=<output-directory>
ENVIRONMENT_NAME=<environment-name>

mkdir -p ${OUTPUT_DIRECTORY}
curl https://research-engineering-studio-us-east-1.s3.amazonaws.com/releases/2024.06/patch_scripts/patch.py --output ${OUTPUT_DIRECTORY}/patch.py
curl https://research-engineering-studio-us-east-1.s3.amazonaws.com/releases/2024.06/patch_scripts/patches/groupname_regex.patch --output ${OUTPUT_DIRECTORY}/groupname_regex.patch
  1. Navigate to the directory where the patch script and patch file are downloaded. Run the following patch command:
python3 patch.py --environment-name ${ENVIRONMENT_NAME} --res-version 2024.06 --module cluster-manager --patch ${OUTPUT_DIRECTORY}/groupname_regex.patch
  1. Restart the Cluster Manager instance for your environment by replacing with the name of your RES environment in the commands below. You may also terminate the instance from the Amazon EC2 Management Console.
INSTANCE_ID=$(aws ec2 describe-instances \
    --filters \
    Name=tag:Name,Values=${ENVIRONMENT_NAME}-cluster-manager \
    Name=tag:res:EnvironmentName,Values=${ENVIRONMENT_NAME}\
    --query "Reservations[0].Instances[0].InstanceId" \
    --output text)

aws ec2 terminate-instances --instance-ids ${INSTANCE_ID}

Note: The patch allows AD group names to contain lower case and uppercase ASCII letters, digits, dash(-), period (.), underscore (_), and spaces with a total length between 1 and 30, inclusive.