awslabs / ssosync

Populate AWS SSO directly with your G Suite users and groups using either a CLI or AWS Lambda
Apache License 2.0

Panic - Issues with Control Tower created users #118

Closed inickles closed 1 year ago

inickles commented 1 year ago

Describe the bug

Trying to run ssosync for the first time resulted in a panic: runtime error: invalid memory address or nil pointer dereference.

Full stack trace at the time, which had an additional log statement:

$ git rev-parse HEAD
d4a145e133037c161d4c9a69fe8ce0ad1378696a
$ git diff
diff --git a/internal/sync.go b/internal/sync.go
index d729b0b..50c6604 100644
--- a/internal/sync.go
+++ b/internal/sync.go
@@ -855,6 +855,7 @@ func ConvertSdkUserObjToNative(user *identitystore.User) *aws.User {
        userEmails := make([]aws.UserEmail, 0)

        for _, email := range user.Emails {
+               log.Info(email)
                userEmails = append(userEmails, aws.UserEmail{
                        Value:   *email.Value,
                        Type:    *email.Type,
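Review bot: the `log.Info(email)` added at the top of the loop is a debugging aid and should not be merged as is, because it emits one Info line per email per user on every sync and the SDK prints every field as `<sensitive>`, so the line only shows which fields are present. If the diagnostic is worth keeping, log at debug level and name the nil fields explicitly instead of dumping the object.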
d4a145e133037c161d4c9a69fe8ce0ad1378696a
$ ./ssosync ...
INFO[0000] Syncing AWS users and groups from Google Workspace SAML Application
INFO[0000] syncing                                       sync_method=groups
...
INFO[0001] get existing aws users
INFO[0001] {
  Primary: <sensitive>,
  Type: <sensitive>,
  Value: <sensitive>
}
INFO[0001] {
  Value: <sensitive>
}
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0xaf17b2]

goroutine 1 [running]:
github.com/awslabs/ssosync/internal.ConvertSdkUserObjToNative(0xc000048180)
        /home/inickles/src/ssosync/internal/sync.go:862 +0x192
github.com/awslabs/ssosync/internal.ListUsersPagesCallbackFn(0xc00080e6d8?, 0x1)
        /home/inickles/src/ssosync/internal/sync.go:848 +0x65
github.com/aws/aws-sdk-go/service/identitystore.(*IdentityStore).ListUsersPagesWithContext(0xc0001ae2e0, {0xfe8770?, 0xc0001a4000}, 0xc0007deae0, 0xd8c690, {0x0, 0x0, 0x0})
        /home/inickles/go/pkg/mod/github.com/aws/aws-sdk-go@v1.44.102/service/identitystore/api.go:1897 +0x1f0
github.com/aws/aws-sdk-go/service/identitystore.(*IdentityStore).ListUsersPages(0x0?, 0x0?, 0xc000282af0?)
        /home/inickles/go/pkg/mod/github.com/aws/aws-sdk-go@v1.44.102/service/identitystore/api.go:1871 +0x3a
github.com/awslabs/ssosync/internal.(*syncGSuite).GetUsers(0xc00080fbe8)
        /home/inickles/src/ssosync/internal/sync.go:833 +0xaf
github.com/awslabs/ssosync/internal.(*syncGSuite).SyncGroupsUsers(0xc00080fbe8, {0x7fff08adb73f, 0x17})
        /home/inickles/src/ssosync/internal/sync.go:318 +0x436
github.com/awslabs/ssosync/internal.DoSync({0xfe8738, 0xc000562340}, 0xc000036480)
        /home/inickles/src/ssosync/internal/sync.go:747 +0x485
github.com/awslabs/ssosync/cmd.glob..func1(0x14f1120?, {0xd2cfea?, 0x11?, 0x11?})
        /home/inickles/src/ssosync/cmd/root.go:57 +0x5b
github.com/spf13/cobra.(*Command).execute(0x14f1120, {0xc0001b2010, 0x11, 0x11})
github.com/spf13/cobra.(*Command).Execute(...)
main.main()
        /home/inickles/src/ssosync/main.go:29 +0x17

Reproduction

I am no longer able to reproduce the bug after successfully running with a patch I added in an attempt to fix the error.

However, the steps I took were:

  1. Set up a new AWS Organization with Control Tower
  2. Ran ssosync for the first time
  3. Boom, stack trace printed

Expected behavior

I expected at least an error message, not this.

Additional context

The fix I tried that seems to have worked:

$ git diff
diff --git a/internal/sync.go b/internal/sync.go
index d729b0b..fb4013e 100644
--- a/internal/sync.go
+++ b/internal/sync.go
@@ -855,6 +855,9 @@ func ConvertSdkUserObjToNative(user *identitystore.User) *aws.User {
        userEmails := make([]aws.UserEmail, 0)

        for _, email := range user.Emails {
+               if email.Value == nil || email.Type == nil || email.Primary == nil {
+                       continue
+               }
                userEmails = append(userEmails, aws.UserEmail{
                        Value:   *email.Value,
                        Type:    *email.Type,
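Review bot: the new guard at the top of the loop drops the whole entry with a bare `continue` when any one of Value, Type or Primary is nil, so an email that has a Value but no Type or Primary is silently lost from the converted user. The log output earlier in this report shows such an entry (only Value set). Consider skipping only when Value is nil, leaving Type and Primary at their zero values when absent, and logging a warning so the dropped or partial entry is visible. The visible lines dereference only Value and Type, so the Primary check should be confirmed against the dereference that follows this hunk.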

I don't know if that's idiomatic or the appropriate fix though.
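An added example, not part of the original post and not the project's code: a nil-safe conversion of SDK-style records whose optional fields are pointers, returning an error instead of panicking. The types SdkEmail and NativeEmail, the function ConvertEmails and the error ErrNoEmailValue are hypothetical stand-ins for the SDK and ssosync types.

```go
package main

import (
	"errors"
	"fmt"
)

// SdkEmail is a stand-in for an SDK email record: every optional field is a
// pointer and may be nil. Hypothetical type, not the real SDK struct.
type SdkEmail struct {
	Primary *bool
	Type    *string
	Value   *string
}

// NativeEmail is a stand-in for the tool's own value type (hypothetical).
type NativeEmail struct {
	Value   string
	Type    string
	Primary bool
}

// ErrNoEmailValue marks an entry that cannot be converted at all.
var ErrNoEmailValue = errors.New("email entry has no value")

// ConvertEmails copies SDK emails into native ones without dereferencing nil.
// An entry with a Value but no Type or Primary is kept with zero values; a nil
// entry or one without a Value is reported as an error rather than a panic.
func ConvertEmails(in []*SdkEmail) ([]NativeEmail, error) {
	out := make([]NativeEmail, 0, len(in))
	for i, e := range in {
		if e == nil || e.Value == nil {
			return out, fmt.Errorf("email %d: %w", i, ErrNoEmailValue)
		}
		n := NativeEmail{Value: *e.Value}
		if e.Type != nil {
			n.Type = *e.Type
		}
		if e.Primary != nil {
			n.Primary = *e.Primary
		}
		out = append(out, n)
	}
	return out, nil
}

func main() {
	v := "user@example.com" // constructed sample value
	got, err := ConvertEmails([]*SdkEmail{{Value: &v}})
	fmt.Println(got, err)
}
```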

cdtiwari-ebi commented 1 year ago

I am facing the same issue with my setup. I used the command below:

$ ssosync/ssosync --debug --access-token $SSO_SCIM_TOKEN --endpoint $SSO_SCIM_URL --google-admin $SSO_GOOGLE_ADMIN_MAIL --google-credentials ssosync/credential.json --sync-method users_groups --group-match grp-aws-*

I am seeing the error below:

INFO[0068] creating user                                 email=abbcedic@XXXX.uk
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x28 pc=0xb0d5cf]

goroutine 1 [running]:
github.com/awslabs/ssosync/internal.(*syncGSuite).SyncUsers(0xc000369830, 0x0, 0x0, 0x1, 0x1)
    /home/ubuntu/ssosync/internal/sync.go:144 +0xd5f
github.com/awslabs/ssosync/internal.DoSync(0x119ae80, 0xc000364f40, 0xc000384000, 0xc000364f40, 0xc00036b060)
    /home/ubuntu/ssosync/internal/sync.go:717 +0x46e
github.com/awslabs/ssosync/cmd.glob..func1(0x1794060, 0xc00037e270, 0x0, 0xd, 0x0, 0x0)
    /home/ubuntu/ssosync/cmd/root.go:55 +0xa4
github.com/spf13/cobra.(*Command).execute(0x1794060, 0xc0000320f0, 0xd, 0xd, 0x1794060, 0xc0000320f0)
    /home/ubuntu/go/pkg/mod/github.com/spf13/cobra@v1.1.3/command.go:852 +0x460
github.com/spf13/cobra.(*Command).ExecuteC(0x1794060, 0x4076df, 0xc000088058, 0x0)
    /home/ubuntu/go/pkg/mod/github.com/spf13/cobra@v1.1.3/command.go:960 +0x349
github.com/spf13/cobra.(*Command).Execute(...)
    /home/ubuntu/go/pkg/mod/github.com/spf13/cobra@v1.1.3/command.go:897
github.com/awslabs/ssosync/cmd.Execute()
    /home/ubuntu/ssosync/cmd/root.go:72 +0x41
main.main()
    /home/ubuntu/ssosync/main.go:29 +0x20

Please let me know what caused it.

ChrisPates commented 1 year ago

Resolved by release v2.0.2