ministryofjustice / cloud-platform

Documentation on the MoJ cloud platform
MIT License

Bug: aws char limit when a user has too many github teams #6024

Closed jaskaransarkaria closed 3 weeks ago

jaskaransarkaria commented 3 months ago

Background

https://mojdt.slack.com/archives/C57UPMZLY/p1723563412884729

https://github.com/ministryofjustice/cloud-platform-terraform-aws-sso/blob/65f64786cd1f47aa9b2f8e9938b33026439ae96c/add-github-teams-to-saml-mappings.js#L36

Definition of done

Reference

How to write good user stories

jaskaransarkaria commented 3 weeks ago

I think that it may be difficult to overcome this bug, as we have a hard limit of 256 chars.

Perhaps we could create a service which looked up the GitHub teams in the cluster and removed teams that weren't in the cluster from the tag. We could call the service from an Auth0 action.

jaskaransarkaria commented 3 weeks ago

https://support.console.aws.amazon.com/support/home?region=eu-west-2#/case/?displayId=172969771900022&language=en

jaskaransarkaria commented 3 weeks ago

AWS response tl;dr

Hence, if you have multiple values for one key, you would need to pass the attribute value as <saml:AttributeValue xsi:type="xs:string">:webops:all-org-members:flux2-demo-admin-team:observability-platform:cloud-platform-label-pods-admin-team:</saml:AttributeValue>.

I understand even with this you are hitting the character limit. However, currently this is the only possible way. Apologies for any inconvenience caused in this regard.

jaskaransarkaria commented 3 weeks ago

opened ticket to alleviate this issue https://github.com/ministryofjustice/cloud-platform/issues/6368
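
The filtering idea from the comments above, combined with the colon-delimited value format from the AWS reply, as an added example (not code from the cloud-platform-terraform-aws-sso repository). The names `buildTeamTag`, `clusterTeams` and `TAG_VALUE_LIMIT` are hypothetical, and the list of teams present in the cluster is assumed to come from the proposed lookup service.

```javascript
// Added example; not code from cloud-platform-terraform-aws-sso.
const TAG_VALUE_LIMIT = 256; // hard limit quoted in the thread

// Builds the colon-delimited value in the shape shown in the AWS reply
// (":team-a:team-b:"), keeping only teams that exist in the cluster.
// `clusterTeams` is a hypothetical allow-list supplied by the lookup service.
function buildTeamTag(userTeams, clusterTeams, limit = TAG_VALUE_LIMIT) {
  const allowed = new Set(clusterTeams);
  const seen = new Set();
  const kept = [];
  const dropped = [];
  for (const team of userTeams) {
    // A ":" inside a name would corrupt the delimiter scheme, so reject it.
    if (typeof team !== "string" || team === "" || team.includes(":")) {
      throw new TypeError(`invalid team name: ${JSON.stringify(team)}`);
    }
    if (seen.has(team)) continue; // de-duplicate
    seen.add(team);
    (allowed.has(team) ? kept : dropped).push(team);
  }
  const value = kept.length > 0 ? `:${kept.join(":")}:` : "";
  if (value.length > limit) {
    // Fail closed: cutting the string at the limit could split a team name
    // or silently drop a team the user relies on.
    throw new RangeError(`team tag is ${value.length} chars; limit is ${limit}`);
  }
  return { value, kept, dropped };
}

// Constructed sample input (team names taken from the AWS reply plus one
// made-up team that is not in the cluster).
const sample = buildTeamTag(
  ["webops", "all-org-members", "flux2-demo-admin-team", "constructed-old-team", "webops"],
  ["webops", "flux2-demo-admin-team", "observability-platform"]
);
console.log(sample.value, "dropped:", sample.dropped);
```

Logging the `dropped` list and alerting on the `RangeError` path shows which users are still over the limit after filtering.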