2024.12 release (#75)

CHANGELOG.md

@@ -1,6 +1,30 @@
 # Change Log
 This file is used to list changes made in each release of Research and Engineering Studio (RES).
 
+2024.12
+------
+
+**ENHANCEMENTS**
+
+- Added the ability to activate/deactivate SSH access to the RES environment.
+- Added the ability for Active Directory (AD) parameters to now be optional when deploying RES. Parameters can be changed at any time after deployment.
+- Added the ability to use Amazon Cognito users to log into RES and deploy Linux Virtual Desktop Infrastructure (VDI) sessions.
+- Added the ability to deploy RES infrastructure hosts with RHEL 8 or RHEL 9 in addition to the default Amazon Linux 2 OS.
+
+**CHANGES**
+
+- The listing of filesystems to onboard is now done through RES’s AWS Proxy Lambda function.
+- The DynamoDB table creation and default values population for RES has been moved to static CloudFormation stacks.
+- The option to Create Software Stack from an existing session has been removed as it was not working as intended.
+
+**BUG FIXES**
+
+- Resolved an issue where the storage root parameter is now properly defined for Ubuntu VDIs allowing access to the DCV upload/download icon in the session UI.
+- Resolved an issue with VDI auto stop feature in private VPC configuration. 
+- Resolved an issue with failing to launch VDIs for graphic enhanced instance types.
+- Resolved an issue where infrastructure AMI building would fail due to an error in the dependencies file.
+- Resolved an issue with the PublicAccessConfig parameter in the bootstrap stack causing an error in deployments using restricted Service Control Policies (SCP).
+
 2024.10
 ------
 
@@ -21,7 +45,6 @@ This file is used to list changes made in each release of Research and Engineeri
 - Resolved an issue where Infrastructure AMI building would error out due to a relative directory structure issue.
 - Resolved an issue where users were unable to connect to VDI instances running AL2 from the EC2 console.
 
-
 2024.08
 ------
 

RES_VERSION.txt

@@ -1 +1 @@
-2024.10
+2024.12

deployment/ecr/ad-sync/Dockerfile

@@ -0,0 +1,28 @@
+FROM public.ecr.aws/amazonlinux/amazonlinux:2023
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+# add all packaged artifacts to container
+ARG PUBLIC_ECR_TAG
+ENV PUBLIC_ECR_TAG=${PUBLIC_ECR_TAG}
+ADD all-*.tar.gz python.sh /opt/res/downloads/
+
+# install Python 3.9.16 which is required to run RES applications
+RUN yum install -y wget openssl openssl-devel tar gzip gcc zlib-devel
+RUN . /opt/res/downloads/python.sh
+
+# install SSSD dependencies
+RUN yum install -y sssd-ldap sssd-krb5 sssd-tools
+
+ENV PATH="/opt/res/python/latest/bin:${PATH}"
+
+# install ad-sync app
+RUN yum install -y openldap-devel
+RUN mkdir -p /opt/res/downloads/ad-sync-${PUBLIC_ECR_TAG} && \
+    tar -xvf /opt/res/downloads/ad-sync-*.tar.gz -C /opt/res/downloads/ad-sync-${PUBLIC_ECR_TAG} && \
+    res_python -m venv venv && \
+    source venv/bin/activate && \
+    python -m pip install --upgrade pip==23.2.1 && \
+    pip install -r /opt/res/downloads/ad-sync-${PUBLIC_ECR_TAG}/requirements.txt && \
+    pip install $(ls /opt/res/downloads/ad-sync-${PUBLIC_ECR_TAG}/*-lib.tar.gz) && \
+    rm -rf /opt/res/downloads/ad-sync-${PUBLIC_ECR_TAG}

deployment/ecr/ad-sync/python.sh

@@ -0,0 +1,56 @@
+#!/bin/bash
+#  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#  SPDX-License-Identifier: Apache-2.0
+
+function install_python () {
+  local ALIAS_PREFIX="res"
+  local INSTALL_DIR="/opt/res/python"
+  local PYTHON_VERSION="3.9.16"
+  local PYTHON_URL="https://www.python.org/ftp/python/${PYTHON_VERSION}/Python-${PYTHON_VERSION}.tgz"
+  local PYTHON_HASH="87acee12323b63a2e0c368193c03fd57e008585c754b6bceec6d5ec4c0bc34b3bb1ff20f31b6f5aff6e02502e7f5b291"
+  local PYTHON_HASH_METHOD=sha384
+  local PYTHON_TGZ="Python-${PYTHON_VERSION}.tgz"
+
+  local PYTHON3_BIN="${INSTALL_DIR}/latest/bin/python3"
+  local CURRENT_VERSION="$(${PYTHON3_BIN} --version | awk {'print $NF'})"
+  if [[ "${CURRENT_VERSION}" == "${PYTHON_VERSION}" ]]; then
+    echo "Python already installed and at correct version."
+  else
+
+    echo "Python not detected, installing"
+
+    local TIMESTAMP=$(date +%s)
+    local TMP_DIR="/root/bootstrap/python_installer/${ALIAS_PREFIX}-${TIMESTAMP}"
+    mkdir -p "${TMP_DIR}"
+    pushd ${TMP_DIR}
+
+    wget ${PYTHON_URL}
+    if [[ $(openssl ${PYTHON_HASH_METHOD} ${PYTHON_TGZ} | awk '{print $2}') != ${PYTHON_HASH} ]];  then
+        echo -e "FATAL ERROR: ${PYTHON_HASH_METHOD} Checksum for Python failed. File may be compromised." > /etc/motd
+        exit 1
+    fi
+
+    tar xvf ${PYTHON_TGZ}
+    pushd "Python-${PYTHON_VERSION}"
+    local PYTHON_DIR="${INSTALL_DIR}/${PYTHON_VERSION}"
+    ./configure LDFLAGS="-L/usr/lib64/openssl" \
+                CPPFLAGS="-I/usr/include/openssl" \
+                -enable-loadable-sqlite-extensions \
+                --prefix="${PYTHON_DIR}"
+
+    local NUM_PROCS=`nproc --all`
+    local MAKE_FLAGS="-j${NUM_PROCS}"
+    make ${MAKE_FLAGS}
+    make ${MAKE_FLAGS} install
+
+    local PYTHON_LATEST="${INSTALL_DIR}/latest"
+    ln -sf "${PYTHON_DIR}" "${PYTHON_LATEST}"
+    ln -sf "${PYTHON_LATEST}/bin/python3" "${PYTHON_LATEST}/bin/res_python"
+    ln -sf "${PYTHON_LATEST}/bin/pip3" "${PYTHON_LATEST}/bin/res_pip"
+
+    popd
+  fi
+}
+
+install_python
+

requirements/ad-sync.in

@@ -0,0 +1,13 @@
+arrow~=1.0
+assertpy~=1.0
+botocore~=1.0
+boto3~=1.0
+ldappool~=3.0
+pydantic~=1.0
+pytest~=7.2.0
+python-ldap~=3.0
+random-password-generator~=2.0
+shortuuid~=1.0
+supervisor~=4.0
+validators~=0.0
+python_dynamodb_lock==0.9.1

requirements/ad-sync.txt

@@ -0,0 +1,33 @@
+arrow==1.3.0
+assertpy==1.1
+attrs==24.2.0
+boto3==1.35.68
+botocore==1.35.68
+exceptiongroup==1.2.2
+iniconfig==2.0.0
+jmespath==1.0.1
+ldappool==3.0.0
+packaging==24.2
+pluggy==1.5.0
+prettytable==3.12.0
+pyasn1==0.6.1
+pyasn1-modules==0.4.1
+pydantic==1.10.19
+pytest==7.2.2
+python-dateutil==2.9.0.post0
+python-dynamodb-lock==0.9.1
+python-ldap==3.4.4
+random-password-generator==2.2.0
+s3transfer==0.10.4
+shortuuid==1.0.13
+six==1.16.0
+supervisor==4.2.5
+tomli==2.1.0
+types-python-dateutil==2.9.0.20241003
+typing-extensions==4.12.2
+urllib3==1.26.20
+validators==0.34.0
+wcwidth==0.2.13
+
+# The following packages are considered to be unsafe in a requirements file:
+# setuptools

requirements/build.txt

@@ -1,13 +1,14 @@
 cachetools==5.5.0
 chardet==5.2.0
 colorama==0.4.6
-distlib==0.3.8
+distlib==0.3.9
 filelock==3.16.1
 invoke==2.2.0
-packaging==24.1
+packaging==24.2
 platformdirs==4.3.6
 pluggy==1.5.0
 pyproject-api==1.8.0
-tomli==2.0.1
-tox==4.20.0
-virtualenv==20.26.5
+tomli==2.1.0
+tox==4.23.2
+typing-extensions==4.12.2
+virtualenv==20.27.1

requirements/dev.in

@@ -1,3 +1,4 @@
+-r ad-sync.in
 -r idea-administrator.in
 -r idea-virtual-desktop-controller.in
 -r idea-cluster-manager.in
@@ -9,9 +10,14 @@
 
 -e file:.
 -e file:./source/idea/idea-data-model/src
+-e file:./source/idea/library/src
 
 pip-tools~=7.0
 pyfiglet~=1.0
 openapi-schema-pydantic~=1.0
 pylint~=2.0
+PyYAML~=6.0
+types-PyYAML~=6.0
 types-requests~=2.0
+moto~=5.0
+types-xmltodict~=0.14