2024.12.01 release (#78)

Signed-off-by: Felipe Rangel <89224078+rangfeli@users.noreply.github.com>

CHANGELOG.md

@@ -1,6 +1,13 @@
 # Change Log
 This file is used to list changes made in each release of Research and Engineering Studio (RES).
 
+2024.12.01
+------
+
+**BUG FIXES**
+
+- Resolved an issue where Cognito users were unable to provision VDIs when the RES environment is not setup with Active Directory.
+
 2024.12
 ------
 

RES_VERSION.txt

@@ -1 +1 @@
-2024.12
+2024.12.01

source/idea/ad-sync/src/adsync_meta/__init__.py

@@ -2,4 +2,4 @@
 #  SPDX-License-Identifier: Apache-2.0
 
 __name__ = "ad-sync"
-__version__ = "2024.12"
+__version__ = "2024.12.01"

source/idea/idea-administrator/src/ideaadministrator_meta/__init__.py

@@ -12,4 +12,4 @@
 # pkg config for soca-admin. no dependencies.
 
 __name__ = 'idea-administrator'
-__version__ = '2024.12'
+__version__ = '2024.12.01'

source/idea/idea-bastion-host/src/ideabastionhost_meta/__init__.py

@@ -10,4 +10,4 @@
 #  and limitations under the License.
 
 __name__ = 'idea-bastion-host'
-__version__ = '2024.12'
+__version__ = '2024.12.01'

source/idea/idea-bootstrap/_templates/linux/join_activedirectory.jinja2

@@ -113,42 +113,6 @@ ad_automation_request_authorization
 ad_automation_wait_for_authorization_and_join
 # ad_automation_wait_for_authorization_and_join exports IDEA_HOSTNAME for our Kerberos info
 
-grep -q "## Add the \"${AD_SUDOERS_GROUP_NAME}\"" /etc/sudoers
-if [[ "$?" != "0" ]]; then
-  echo -e "
-## Add the \"${AD_SUDOERS_GROUP_NAME}\" group from the ${AD_DOMAIN_NAME} domain.
-%${AD_SUDOERS_GROUP_NAME_ESCAPED} ALL=(ALL:ALL) ALL
-">> /etc/sudoers
-fi
-
-function add_admins_to_sudoers () {
-  if [[ ! -f "/root/.convert_from_dynamodb_object.jq" ]]; then
-    create_jq_ddb_filter
-  fi
-
-  admins=$($AWS dynamodb query \
-       --table-name ${RES_USER_TABLE} \
-       --index-name role-index \
-       --key-condition-expression "#R=:r1" --expression-attribute-names '{"#R":"role"}' \
-       --expression-attribute-values '{":r1":{"S":"admin"}}' \
-       --region "${AWS_REGION}" | jq -f /root/.convert_from_dynamodb_object.jq)
-
-  for row in $(echo "${admins}" | jq -r '.Items[] | @base64'); do
-    is_part_of_sudoer_group=$(echo $row | base64 --decode | jq --arg sudoers_group "$AD_SUDOERS_GROUP_NAME" \
-    -r '.additional_groups | any(. == $sudoers_group)')
-    if [ "$is_part_of_sudoer_group" = false ] ; then
-        admin=$(echo $row | base64 --decode | jq -r '.username')
-        echo "${admin} ALL=(ALL:ALL) ALL">> /etc/sudoers
-    fi
-  done
-}
-
-grep -q "## Add RES admins to sudoers" /etc/sudoers
-if [[ "$?" != "0" ]]; then
-  echo "## Add RES admins to sudoers" >> /etc/sudoers
-  add_admins_to_sudoers
-fi
-
 if [[ -f /etc/sssd/sssd.conf ]]; then
   cp /etc/sssd/sssd.conf /etc/sssd/sssd.conf.orig
 fi
@@ -213,12 +177,4 @@ chmod 600 /etc/sssd/sssd.conf
 systemctl enable sssd
 systemctl restart sssd
 
-# note: sss is removed for nsswitch to compared to openldap, to avoid mail spams.
-grep -q "sudoers: files" /etc/nsswitch.conf
-if [[ "$?" != "0" ]]; then
-  echo "sudoers: files" >> /etc/nsswitch.conf
-fi
-
 # End: Join ActiveDirectory
-
-

source/idea/idea-bootstrap/_templates/linux/join_directoryservice.jinja2

@@ -9,7 +9,6 @@
 {%- if context.config.get_string('directoryservice.provider') in ['activedirectory', 'aws_managed_activedirectory'] %}
   {%- if (context.config.get_string('directoryservice.disable_ad_join') == 'True') or (context.module_name == "cluster-manager") or (context.module_name == "bastion-host")%}
     {%- include '_templates/linux/connect_activedirectory.jinja2' %}
-{% include '_templates/linux/set_sudoers.jinja2' %}
   {%- else %}
     {%- include '_templates/linux/join_activedirectory.jinja2' %}
   {% endif -%}

source/idea/idea-bootstrap/_templates/linux/set_sudoers.jinja2

@@ -1,4 +1,5 @@
 RES_USER_TABLE="${IDEA_CLUSTER_NAME}.accounts.users"
+{% if context.config.get_string('directoryservice.name', default='') != '' %}
 AD_SUDOERS_GROUP_NAME="{{ context.config.get_string('directoryservice.sudoers.group_name', required=True) }}"
 AD_SUDOERS_GROUP_NAME_ESCAPED="{{ context.config.get_string('directoryservice.sudoers.group_name', required=True).replace(' ', '\ ') }}"
 
@@ -9,6 +10,7 @@ if [[ "$?" != "0" ]]; then
 %${AD_SUDOERS_GROUP_NAME_ESCAPED} ALL=(ALL:ALL) ALL
 ">> /etc/sudoers
 fi
+{% endif %}
 
 function add_admins_to_sudoers () {
   if [[ ! -f "/root/.convert_from_dynamodb_object.jq" ]]; then
@@ -24,12 +26,17 @@ function add_admins_to_sudoers () {
        --region "${AWS_REGION}" | jq -f /root/.convert_from_dynamodb_object.jq)
 
   for row in $(echo "${admins}" | jq -r '.Items[] | @base64'); do
-    is_part_of_sudoer_group=$(echo $row | base64 --decode | jq --arg sudoers_group "$AD_SUDOERS_GROUP_NAME" \
-    -r '.additional_groups | any(. == $sudoers_group)')
-    if [ "$is_part_of_sudoer_group" = false ] ; then
-        admin=$(echo $row | base64 --decode | jq -r '.username')
-        echo "${admin} ALL=(ALL:ALL) ALL">> /etc/sudoers
-    fi
+    {% if context.config.get_string('directoryservice.name', default='') != '' %}
+      is_part_of_sudoer_group=$(echo $row | base64 --decode | jq --arg sudoers_group "$AD_SUDOERS_GROUP_NAME" \
+      -r '.additional_groups | any(. == $sudoers_group)')
+      if [ "$is_part_of_sudoer_group" = false ] ; then
+          admin=$(echo $row | base64 --decode | jq -r '.username')
+          echo "${admin} ALL=(ALL:ALL) ALL">> /etc/sudoers
+      fi
+    {% else %}
+      admin=$(echo $row | base64 --decode | jq -r '.username')
+      echo "${admin} ALL=(ALL:ALL) ALL">> /etc/sudoers
+    {% endif %}
   done
 }
 
@@ -44,4 +51,3 @@ grep -q "sudoers: files" /etc/nsswitch.conf
 if [[ "$?" != "0" ]]; then
   echo "sudoers: files" >> /etc/nsswitch.conf
 fi
-

source/idea/idea-bootstrap/common/configure_cognito_modules.sh

@@ -104,8 +104,8 @@ setup_nss() {
   # Example of what the updated lines will look like is shown below
   #passwd:     files sss cognito
   #group:      files sss cognito
-  grep -q "^passwd.*cognito" /etc/nsswitch.conf || sed -i 's/\(^passwd:.*sss\)/\1 cognito/' /etc/nsswitch.conf;
-  grep -q "^group.*cognito" /etc/nsswitch.conf || sed -i 's/\(^group:.*sss\)/\1 cognito/' /etc/nsswitch.conf;
+  grep -q "^passwd.*cognito" /etc/nsswitch.conf || sed -i 's/\(^passwd:.*\)/\1 cognito/' /etc/nsswitch.conf;
+  grep -q "^group.*cognito" /etc/nsswitch.conf || sed -i 's/\(^group:.*\)/\1 cognito/' /etc/nsswitch.conf;
 
   # Create cache directory
   mkdir -p /opt/cognito_auth/

source/idea/idea-bootstrap/virtual-desktop-host-linux/configure.sh.jinja2

@@ -135,7 +135,9 @@ if [[ ! -f ${CONFIG_FINISHED_LOCK} ]]; then
     {% include '_templates/linux/motd.jinja2' %}
   {%- endwith %}
 
-  {% include '_templates/linux/join_directoryservice.jinja2' %}
+  {% if context.config.get_string('directoryservice.name', default='') != '' %}
+    {% include '_templates/linux/join_directoryservice.jinja2' %}
+  {% endif %}
 
   {% if context.config.get_string('scheduler.provider') == 'openpbs' %}
     {% include '_templates/linux/openpbs_client.jinja2' %}
@@ -145,6 +147,8 @@ if [[ ! -f ${CONFIG_FINISHED_LOCK} ]]; then
     /bin/bash "${SCRIPT_DIR}/../common/configure_cognito_modules.sh" -o "${RES_BASE_OS}" -s "${SCRIPT_DIR}" -u "${IDEA_SESSION_OWNER}" -r "${AWS_REGION}" -i "${COGNITO_MIN_ID}" -a "${COGNITO_MAX_ID}" -d "${COGNITO_UID_ATTRIBUTE}" -p "${USER_POOL_ID}" -c "${VDI_CLIENT_ID}" -g "${COGNITO_DEFAULT_USER_GROUP}" -x "${https_proxy}"
   {% endif %}
 
+  {% include '_templates/linux/set_sudoers.jinja2' %}
+
   #Begin: Configure SSH Key Gen
   /bin/bash "${SCRIPT_DIR}/../common/configure_ssh_keygen.sh" -o "${RES_BASE_OS}" -s "${SCRIPT_DIR}" -u "${IDEA_SESSION_OWNER}"
   #End: Configure SSH Key Gen

source/idea/idea-cluster-manager/src/ideaclustermanager/app/snapshots/helpers/apply_snapshots_config.py

@@ -34,6 +34,7 @@
     RESVersion.v_2024_08,
     RESVersion.v_2024_10,
     RESVersion.v_2024_12,
+    RESVersion.v_2024_12_01,
 ]
 
 TABLE_TO_TABLE_KEYS_BY_VERSION: Dict[TableName, Dict[RESVersion, TableKeys]] = {

source/idea/idea-cluster-manager/src/ideaclustermanager_meta/__init__.py

@@ -10,4 +10,4 @@
 #  and limitations under the License.
 
 __name__ = 'idea-cluster-manager'
-__version__ = '2024.12'
+__version__ = '2024.12.01'

source/idea/idea-cluster-manager/webapp/.env

@@ -1,4 +1,4 @@
 REACT_APP_IDEA_HTTP_ENDPOINT="http://localhost:8080"
 REACT_APP_IDEA_ALB_ENDPOINT="http://localhost:8080"
 REACT_APP_IDEA_HTTP_API_SUFFIX="/api/v1"
-REACT_APP_IDEA_RELEASE_VERSION="2024.12"
+REACT_APP_IDEA_RELEASE_VERSION="2024.12.01"

source/idea/idea-cluster-manager/webapp/package.json

@@ -1,6 +1,6 @@
 {
   "name": "web-portal", 
-  "version": "2024.12", 
+  "version": "2024.12.01", 
   "private": true,
   "dependencies": {
     "@cloudscape-design/components": "^3.0.82",

source/idea/idea-cluster-manager/webapp/src/pages/cluster-admin/identity-management.tsx

@@ -50,14 +50,25 @@ class IdentityManagement extends Component<IdentityManagementProps, IdentityMana
     async componentDidMount() {
         try {
             const clusterSettingsService = AppContext.get().getClusterSettingsService();
-            const [directoryservice, identityProvider] = await Promise.all([
+            const [directoryservice, identityProvider] = await Promise.allSettled([
                 clusterSettingsService.getDirectoryServiceSettings(),
                 clusterSettingsService.getIdentityProviderSettings(),
             ]);
-            this.setState({
-                directoryservice,
-                identityProvider,
-            });
+            // The status field is provided by the `allSettled` API. API definition is provided here: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Promise/allSettled#status
+            if (directoryservice.status === "fulfilled") {
+                this.setState(
+                    {
+                        directoryservice: directoryservice.value
+                    }
+                )
+            }
+            if (identityProvider.status === "fulfilled") {
+                this.setState(
+                    {
+                        identityProvider: identityProvider.value
+                    }
+                )
+            }
         } catch (error) {
             console.error('Error loading settings:', error);
         }

source/idea/idea-cluster-manager/webapp/src/pages/user-management/groups.tsx

@@ -24,6 +24,7 @@ import { IdeaSideNavigationProps } from "../../components/side-navigation";
 import IdeaAppLayout, { IdeaAppLayoutProps } from "../../components/app-layout";
 import { StatusIndicator } from "@cloudscape-design/components";
 import { withRouter } from "../../navigation/navigation-utils";
+import {Constants} from "../../common/constants";
 
 export interface GroupsProps extends IdeaAppLayoutProps, IdeaSideNavigationProps {}
 
@@ -263,7 +264,7 @@ class Groups extends Component<GroupsProps, GroupsState> {
                     {
                         id: "identity_source",
                         header: "Identity Source",
-                        cell: (e) => e.identity_source,
+                        cell: (e) => e.identity_source === Constants.COGNITO_USER_IDP_TYPE ? "Cognito" : e.identity_source,
                     },
                     {
                         id: "group_role",

source/idea/idea-cluster-manager/webapp/src/pages/user-management/users.tsx

@@ -24,6 +24,7 @@ import { StatusIndicator } from "@cloudscape-design/components";
 import { IdeaSideNavigationProps } from "../../components/side-navigation";
 import IdeaAppLayout, { IdeaAppLayoutProps } from "../../components/app-layout";
 import { withRouter } from "../../navigation/navigation-utils";
+import { Constants } from "../../common/constants";
 
 export interface UsersProps extends IdeaAppLayoutProps, IdeaSideNavigationProps {}
 
@@ -57,7 +58,7 @@ export const USER_TABLE_COLUMN_DEFINITIONS: TableProps.ColumnDefinition<User>[]
     {
         id: "identity_source",
         header: "Identity Source",
-        cell: (e) => e.identity_source,
+        cell: (e) => e.identity_source === Constants.COGNITO_USER_IDP_TYPE ? "Cognito" : e.identity_source,
     },
     {
         id: "sudo",

source/idea/idea-data-model/src/ideadatamodel/snapshots/snapshot_model.py

@@ -83,3 +83,4 @@ class RESVersion(str, Enum):
     v_2024_08 = "2024.08"
     v_2024_10 = "2024.10"
     v_2024_12 = "2024.12"
+    v_2024_12_01 = "2024.12.01"

source/idea/idea-data-model/src/ideadatamodel_meta/__init__.py

@@ -10,4 +10,4 @@
 #  and limitations under the License.
 
 __name__ = 'idea-data-model'
-__version__ = '2024.12'
+__version__ = '2024.12.01'

source/idea/idea-sdk/src/ideasdk_meta/__init__.py

@@ -12,4 +12,4 @@
 # pkgconfig for soca-sdk. no dependencies # noqa
 
 __name__ = 'idea-sdk'
-__version__ = '2024.12'
+__version__ = '2024.12.01'

source/idea/idea-virtual-desktop-controller/src/ideavirtualdesktopcontroller_meta/__init__.py

@@ -10,4 +10,4 @@
 #  and limitations under the License.
 
 __name__ = 'idea-virtual-desktop-controller'
-__version__ = '2024.12'
+__version__ = '2024.12.01'

source/idea/library/src/res_meta/__init__.py

@@ -2,4 +2,4 @@
 #  SPDX-License-Identifier: Apache-2.0
 
 __name__ = 'library'
-__version__ = '2024.12'
+__version__ = '2024.12.01'