diff --git a/CHANGELOG.md b/CHANGELOG.md index e2612c2..f232a9f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,13 @@ # Change Log This file is used to list changes made in each release of Research and Engineering Studio (RES). +2024.12.01 +------ + +**BUG FIXES** + +- Resolved an issue where Cognito users were unable to provision VDIs when the RES environment is not setup with Active Directory. + 2024.12 ------ diff --git a/RES_VERSION.txt b/RES_VERSION.txt index 3818306..9550c9e 100644 --- a/RES_VERSION.txt +++ b/RES_VERSION.txt @@ -1 +1 @@ -2024.12 +2024.12.01 diff --git a/source/idea/ad-sync/src/adsync_meta/__init__.py b/source/idea/ad-sync/src/adsync_meta/__init__.py index 6b79eda..4d39151 100644 --- a/source/idea/ad-sync/src/adsync_meta/__init__.py +++ b/source/idea/ad-sync/src/adsync_meta/__init__.py @@ -2,4 +2,4 @@ # SPDX-License-Identifier: Apache-2.0 __name__ = "ad-sync" -__version__ = "2024.12" +__version__ = "2024.12.01" diff --git a/source/idea/idea-administrator/src/ideaadministrator_meta/__init__.py b/source/idea/idea-administrator/src/ideaadministrator_meta/__init__.py index 1c832bb..21be7a8 100644 --- a/source/idea/idea-administrator/src/ideaadministrator_meta/__init__.py +++ b/source/idea/idea-administrator/src/ideaadministrator_meta/__init__.py @@ -12,4 +12,4 @@ # pkg config for soca-admin. no dependencies. __name__ = 'idea-administrator' -__version__ = '2024.12' +__version__ = '2024.12.01' diff --git a/source/idea/idea-bastion-host/src/ideabastionhost_meta/__init__.py b/source/idea/idea-bastion-host/src/ideabastionhost_meta/__init__.py index 458642a..e2a7820 100644 --- a/source/idea/idea-bastion-host/src/ideabastionhost_meta/__init__.py +++ b/source/idea/idea-bastion-host/src/ideabastionhost_meta/__init__.py @@ -10,4 +10,4 @@ # and limitations under the License. __name__ = 'idea-bastion-host' -__version__ = '2024.12' +__version__ = '2024.12.01' 
diff --git a/source/idea/idea-bootstrap/_templates/linux/join_activedirectory.jinja2 b/source/idea/idea-bootstrap/_templates/linux/join_activedirectory.jinja2 index 3194a69..f9f22fe 100644 --- a/source/idea/idea-bootstrap/_templates/linux/join_activedirectory.jinja2 +++ b/source/idea/idea-bootstrap/_templates/linux/join_activedirectory.jinja2 @@ -113,42 +113,6 @@ ad_automation_request_authorization ad_automation_wait_for_authorization_and_join # ad_automation_wait_for_authorization_and_join exports IDEA_HOSTNAME for our Kerberos info -grep -q "## Add the \"${AD_SUDOERS_GROUP_NAME}\"" /etc/sudoers -if [[ "$?" != "0" ]]; then - echo -e " -## Add the \"${AD_SUDOERS_GROUP_NAME}\" group from the ${AD_DOMAIN_NAME} domain. -%${AD_SUDOERS_GROUP_NAME_ESCAPED} ALL=(ALL:ALL) ALL -">> /etc/sudoers -fi - -function add_admins_to_sudoers () { - if [[ ! -f "/root/.convert_from_dynamodb_object.jq" ]]; then - create_jq_ddb_filter - fi - - admins=$($AWS dynamodb query \ - --table-name ${RES_USER_TABLE} \ - --index-name role-index \ - --key-condition-expression "#R=:r1" --expression-attribute-names '{"#R":"role"}' \ - --expression-attribute-values '{":r1":{"S":"admin"}}' \ - --region "${AWS_REGION}" | jq -f /root/.convert_from_dynamodb_object.jq) - - for row in $(echo "${admins}" | jq -r '.Items[] | @base64'); do - is_part_of_sudoer_group=$(echo $row | base64 --decode | jq --arg sudoers_group "$AD_SUDOERS_GROUP_NAME" \ - -r '.additional_groups | any(. == $sudoers_group)') - if [ "$is_part_of_sudoer_group" = false ] ; then - admin=$(echo $row | base64 --decode | jq -r '.username') - echo "${admin} ALL=(ALL:ALL) ALL">> /etc/sudoers - fi - done -} - -grep -q "## Add RES admins to sudoers" /etc/sudoers -if [[ "$?" != "0" ]]; then - echo "## Add RES admins to sudoers" >> /etc/sudoers - add_admins_to_sudoers -fi - if [[ -f /etc/sssd/sssd.conf ]]; then cp /etc/sssd/sssd.conf /etc/sssd/sssd.conf.orig fi 
@@ -213,12 +177,4 @@ chmod 600 /etc/sssd/sssd.conf systemctl enable sssd systemctl restart sssd -# note: sss is removed for nsswitch to compared to openldap, to avoid mail spams. -grep -q "sudoers: files" /etc/nsswitch.conf -if [[ "$?" != "0" ]]; then - echo "sudoers: files" >> /etc/nsswitch.conf -fi - # End: Join ActiveDirectory - - diff --git a/source/idea/idea-bootstrap/_templates/linux/join_directoryservice.jinja2 b/source/idea/idea-bootstrap/_templates/linux/join_directoryservice.jinja2 index b82dd19..53fba6b 100644 --- a/source/idea/idea-bootstrap/_templates/linux/join_directoryservice.jinja2 +++ b/source/idea/idea-bootstrap/_templates/linux/join_directoryservice.jinja2 @@ -9,7 +9,6 @@ {%- if context.config.get_string('directoryservice.provider') in ['activedirectory', 'aws_managed_activedirectory'] %} {%- if (context.config.get_string('directoryservice.disable_ad_join') == 'True') or (context.module_name == "cluster-manager") or (context.module_name == "bastion-host")%} {%- include '_templates/linux/connect_activedirectory.jinja2' %} -{% include '_templates/linux/set_sudoers.jinja2' %} {%- else %} {%- include '_templates/linux/join_activedirectory.jinja2' %} {% endif -%} diff --git a/source/idea/idea-bootstrap/_templates/linux/set_sudoers.jinja2 b/source/idea/idea-bootstrap/_templates/linux/set_sudoers.jinja2 index 48dc8df..a46dcbb 100644 --- a/source/idea/idea-bootstrap/_templates/linux/set_sudoers.jinja2 +++ b/source/idea/idea-bootstrap/_templates/linux/set_sudoers.jinja2 @@ -1,4 +1,5 @@ RES_USER_TABLE="${IDEA_CLUSTER_NAME}.accounts.users" +{% if context.config.get_string('directoryservice.name', default='') != '' %} AD_SUDOERS_GROUP_NAME="{{ context.config.get_string('directoryservice.sudoers.group_name', required=True) }}" AD_SUDOERS_GROUP_NAME_ESCAPED="{{ context.config.get_string('directoryservice.sudoers.group_name', required=True).replace(' ', '\ ') }}" 
@@ -9,6 +10,7 @@ if [[ "$?" != "0" ]]; then %${AD_SUDOERS_GROUP_NAME_ESCAPED} ALL=(ALL:ALL) ALL ">> /etc/sudoers fi +{% endif %} function add_admins_to_sudoers () { if [[ ! -f "/root/.convert_from_dynamodb_object.jq" ]]; then @@ -24,12 +26,17 @@ function add_admins_to_sudoers () { --region "${AWS_REGION}" | jq -f /root/.convert_from_dynamodb_object.jq) for row in $(echo "${admins}" | jq -r '.Items[] | @base64'); do - is_part_of_sudoer_group=$(echo $row | base64 --decode | jq --arg sudoers_group "$AD_SUDOERS_GROUP_NAME" \ - -r '.additional_groups | any(. == $sudoers_group)') - if [ "$is_part_of_sudoer_group" = false ] ; then - admin=$(echo $row | base64 --decode | jq -r '.username') - echo "${admin} ALL=(ALL:ALL) ALL">> /etc/sudoers - fi + {% if context.config.get_string('directoryservice.name', default='') != '' %} + is_part_of_sudoer_group=$(echo $row | base64 --decode | jq --arg sudoers_group "$AD_SUDOERS_GROUP_NAME" \ + -r '.additional_groups | any(. == $sudoers_group)') + if [ "$is_part_of_sudoer_group" = false ] ; then + admin=$(echo $row | base64 --decode | jq -r '.username') + echo "${admin} ALL=(ALL:ALL) ALL">> /etc/sudoers + fi + {% else %} + admin=$(echo $row | base64 --decode | jq -r '.username') + echo "${admin} ALL=(ALL:ALL) ALL">> /etc/sudoers + {% endif %} done } @@ -44,4 +51,3 @@ grep -q "sudoers: files" /etc/nsswitch.conf if [[ "$?" != "0" ]]; then echo "sudoers: files" >> /etc/nsswitch.conf fi - diff --git a/source/idea/idea-bootstrap/common/configure_cognito_modules.sh b/source/idea/idea-bootstrap/common/configure_cognito_modules.sh index 79a89bb..6f11615 100644 --- a/source/idea/idea-bootstrap/common/configure_cognito_modules.sh +++ b/source/idea/idea-bootstrap/common/configure_cognito_modules.sh 
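Review bot: In the new `{% else %}` branch of `add_admins_to_sudoers`, each `username` returned by the admin-role query is appended to `/etc/sudoers` verbatim, so a value containing whitespace, a line break or sudoers syntax would be parsed as something other than one user entry, or would break the file. I would check the value before writing it, for example `[[ "${admin}" =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]*$ ]] || continue`, with the pattern aligned to whatever username rule RES actually enforces. Running `visudo -cf /etc/sudoers` after the loop and failing bootstrap on a non-zero exit would catch a malformed file before it can leave sudo unusable on the host. The same unchecked append exists in the Active Directory branch that this hunk only re-indents. The start of the function and the DynamoDB query lie partly outside this hunk.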
@@ -104,8 +104,8 @@ setup_nss() { # Example of what the updated lines will look like is shown below #passwd: files sss cognito #group: files sss cognito - grep -q "^passwd.*cognito" /etc/nsswitch.conf || sed -i 's/\(^passwd:.*sss\)/\1 cognito/' /etc/nsswitch.conf; - grep -q "^group.*cognito" /etc/nsswitch.conf || sed -i 's/\(^group:.*sss\)/\1 cognito/' /etc/nsswitch.conf; + grep -q "^passwd.*cognito" /etc/nsswitch.conf || sed -i 's/\(^passwd:.*\)/\1 cognito/' /etc/nsswitch.conf; + grep -q "^group.*cognito" /etc/nsswitch.conf || sed -i 's/\(^group:.*\)/\1 cognito/' /etc/nsswitch.conf; # Create cache directory mkdir -p /opt/cognito_auth/ diff --git a/source/idea/idea-bootstrap/virtual-desktop-host-linux/configure.sh.jinja2 b/source/idea/idea-bootstrap/virtual-desktop-host-linux/configure.sh.jinja2 index a9c9cb8..ce11265 100644 --- a/source/idea/idea-bootstrap/virtual-desktop-host-linux/configure.sh.jinja2 +++ b/source/idea/idea-bootstrap/virtual-desktop-host-linux/configure.sh.jinja2 @@ -135,7 +135,9 @@ if [[ ! -f ${CONFIG_FINISHED_LOCK} ]]; then {% include '_templates/linux/motd.jinja2' %} {%- endwith %} - {% include '_templates/linux/join_directoryservice.jinja2' %} + {% if context.config.get_string('directoryservice.name', default='') != '' %} + {% include '_templates/linux/join_directoryservice.jinja2' %} + {% endif %} {% if context.config.get_string('scheduler.provider') == 'openpbs' %} {% include '_templates/linux/openpbs_client.jinja2' %} 
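Review bot: The widened `sed` expressions in `setup_nss` now append ` cognito` after whatever ends the `passwd:` and `group:` lines, so on a host where that line ends in a trailing `#` comment the new source lands inside the comment and is ignored, yet the `grep -q` guard will treat the file as done on later runs. If the file has no `passwd:` or `group:` line at all, `sed` changes nothing and the script continues without an error. The example comment above still shows only `files sss cognito`; I would reword it to something like `# cognito is appended to the end of the existing passwd:/group: line, with or without sss`. A lookup check after the edit, such as `getent passwd` for the session owner, with a non-zero exit on failure, would make both cases fail visibly. `setup_nss` begins and ends outside this hunk.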
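Review bot: The guard added around the `join_directoryservice.jinja2` include tests `directoryservice.name`, while the included template (its hunk is earlier in this diff) chooses its branch from `directoryservice.provider`, and nothing at the guard says why an empty name is the right signal for "no directory". A template comment would record the intent, for example `{# directoryservice.name is empty when RES runs without Active Directory (Cognito-only), so the domain join is skipped #}`. The same `get_string('directoryservice.name', default='') != ''` expression is also added twice in `set_sudoers.jinja2`. Evaluating it once with `{% set %}` in this template may keep the three checks in step, provided the included templates see that variable. The surrounding `if [[ ! -f ${CONFIG_FINISHED_LOCK} ]]` block continues outside the hunk.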
@@ -145,6 +147,8 @@ if [[ ! -f ${CONFIG_FINISHED_LOCK} ]]; then /bin/bash "${SCRIPT_DIR}/../common/configure_cognito_modules.sh" -o "${RES_BASE_OS}" -s "${SCRIPT_DIR}" -u "${IDEA_SESSION_OWNER}" -r "${AWS_REGION}" -i "${COGNITO_MIN_ID}" -a "${COGNITO_MAX_ID}" -d "${COGNITO_UID_ATTRIBUTE}" -p "${USER_POOL_ID}" -c "${VDI_CLIENT_ID}" -g "${COGNITO_DEFAULT_USER_GROUP}" -x "${https_proxy}" {% endif %} + {% include '_templates/linux/set_sudoers.jinja2' %} + #Begin: Configure SSH Key Gen /bin/bash "${SCRIPT_DIR}/../common/configure_ssh_keygen.sh" -o "${RES_BASE_OS}" -s "${SCRIPT_DIR}" -u "${IDEA_SESSION_OWNER}" #End: Configure SSH Key Gen diff --git a/source/idea/idea-cluster-manager/src/ideaclustermanager/app/snapshots/helpers/apply_snapshots_config.py b/source/idea/idea-cluster-manager/src/ideaclustermanager/app/snapshots/helpers/apply_snapshots_config.py index 49fa5dc..4721edb 100644 --- a/source/idea/idea-cluster-manager/src/ideaclustermanager/app/snapshots/helpers/apply_snapshots_config.py +++ b/source/idea/idea-cluster-manager/src/ideaclustermanager/app/snapshots/helpers/apply_snapshots_config.py @@ -34,6 +34,7 @@ RESVersion.v_2024_08, RESVersion.v_2024_10, RESVersion.v_2024_12, + RESVersion.v_2024_12_01, ] TABLE_TO_TABLE_KEYS_BY_VERSION: Dict[TableName, Dict[RESVersion, TableKeys]] = { diff --git a/source/idea/idea-cluster-manager/src/ideaclustermanager_meta/__init__.py b/source/idea/idea-cluster-manager/src/ideaclustermanager_meta/__init__.py index 27966d6..30c68eb 100644 --- a/source/idea/idea-cluster-manager/src/ideaclustermanager_meta/__init__.py +++ b/source/idea/idea-cluster-manager/src/ideaclustermanager_meta/__init__.py @@ -10,4 +10,4 @@ # and limitations under the License. __name__ = 'idea-cluster-manager' -__version__ = '2024.12' +__version__ = '2024.12.01' diff --git a/source/idea/idea-cluster-manager/webapp/.env b/source/idea/idea-cluster-manager/webapp/.env index 39eafe0..4753e5e 100644 --- a/source/idea/idea-cluster-manager/webapp/.env 
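Review bot: With this include, `set_sudoers.jinja2` is rendered only for Linux VDI hosts, because the same commit drops it from the `connect_activedirectory` branch of `join_directoryservice.jinja2` and removes the inline sudoers and `sudoers: files` blocks from `join_activedirectory.jinja2`. Any other bootstrap script that renders those templates (the removed branch names `cluster-manager` and `bastion-host`) would now come up without the AD sudoers group entry, the admin entries and the nsswitch `sudoers` line. Those callers are not visible in this diff, so this should be confirmed rather than assumed. If the narrowing is intended, a comment at the include would record it, e.g. `{# sudoers are configured here for VDI hosts only; join_directoryservice no longer does it #}`.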
+++ b/source/idea/idea-cluster-manager/webapp/.env @@ -1,4 +1,4 @@ REACT_APP_IDEA_HTTP_ENDPOINT="http://localhost:8080" REACT_APP_IDEA_ALB_ENDPOINT="http://localhost:8080" REACT_APP_IDEA_HTTP_API_SUFFIX="/api/v1" -REACT_APP_IDEA_RELEASE_VERSION="2024.12" +REACT_APP_IDEA_RELEASE_VERSION="2024.12.01" diff --git a/source/idea/idea-cluster-manager/webapp/package.json b/source/idea/idea-cluster-manager/webapp/package.json index 52a55c8..4308690 100644 --- a/source/idea/idea-cluster-manager/webapp/package.json +++ b/source/idea/idea-cluster-manager/webapp/package.json @@ -1,6 +1,6 @@ { "name": "web-portal", - "version": "2024.12", + "version": "2024.12.01", "private": true, "dependencies": { "@cloudscape-design/components": "^3.0.82", diff --git a/source/idea/idea-cluster-manager/webapp/src/pages/cluster-admin/identity-management.tsx b/source/idea/idea-cluster-manager/webapp/src/pages/cluster-admin/identity-management.tsx index f84894b..f25d844 100644 --- a/source/idea/idea-cluster-manager/webapp/src/pages/cluster-admin/identity-management.tsx +++ b/source/idea/idea-cluster-manager/webapp/src/pages/cluster-admin/identity-management.tsx @@ -50,14 +50,25 @@ class IdentityManagement extends Component { { id: "identity_source", header: "Identity Source", - cell: (e) => e.identity_source, + cell: (e) => e.identity_source === Constants.COGNITO_USER_IDP_TYPE ? "Cognito" : e.identity_source, }, { id: "group_role", diff --git a/source/idea/idea-cluster-manager/webapp/src/pages/user-management/users.tsx b/source/idea/idea-cluster-manager/webapp/src/pages/user-management/users.tsx index 9bdb652..4c55e73 100644 --- a/source/idea/idea-cluster-manager/webapp/src/pages/user-management/users.tsx +++ b/source/idea/idea-cluster-manager/webapp/src/pages/user-management/users.tsx 
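Review bot: The `identity_source` cell in identity-management.tsx now carries `e.identity_source === Constants.COGNITO_USER_IDP_TYPE ? "Cognito" : e.identity_source`, and the users.tsx hunk later in this diff adds the identical line, so the display rule lives in two places. A small shared helper next to the constant (proposed name `formatIdentitySource`), used as `cell: (e) => formatIdentitySource(e.identity_source)`, would keep the two tables in step. The hunk header announces more added lines than this page shows, so whether this file also imports `Constants` cannot be checked from here; users.tsx does add the import.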
@@ -24,6 +24,7 @@ import { StatusIndicator } from "@cloudscape-design/components"; import { IdeaSideNavigationProps } from "../../components/side-navigation"; import IdeaAppLayout, { IdeaAppLayoutProps } from "../../components/app-layout"; import { withRouter } from "../../navigation/navigation-utils"; +import { Constants } from "../../common/constants"; export interface UsersProps extends IdeaAppLayoutProps, IdeaSideNavigationProps {} @@ -57,7 +58,7 @@ export const USER_TABLE_COLUMN_DEFINITIONS: TableProps.ColumnDefinition[] { id: "identity_source", header: "Identity Source", - cell: (e) => e.identity_source, + cell: (e) => e.identity_source === Constants.COGNITO_USER_IDP_TYPE ? "Cognito" : e.identity_source, }, { id: "sudo", diff --git a/source/idea/idea-data-model/src/ideadatamodel/snapshots/snapshot_model.py b/source/idea/idea-data-model/src/ideadatamodel/snapshots/snapshot_model.py index 4550d80..026690c 100644 --- a/source/idea/idea-data-model/src/ideadatamodel/snapshots/snapshot_model.py +++ b/source/idea/idea-data-model/src/ideadatamodel/snapshots/snapshot_model.py @@ -83,3 +83,4 @@ class RESVersion(str, Enum): v_2024_08 = "2024.08" v_2024_10 = "2024.10" v_2024_12 = "2024.12" + v_2024_12_01 = "2024.12.01" diff --git a/source/idea/idea-data-model/src/ideadatamodel_meta/__init__.py b/source/idea/idea-data-model/src/ideadatamodel_meta/__init__.py index 02b5b1e..d67d91a 100644 --- a/source/idea/idea-data-model/src/ideadatamodel_meta/__init__.py +++ b/source/idea/idea-data-model/src/ideadatamodel_meta/__init__.py @@ -10,4 +10,4 @@ # and limitations under the License. __name__ = 'idea-data-model' -__version__ = '2024.12' +__version__ = '2024.12.01' diff --git a/source/idea/idea-sdk/src/ideasdk_meta/__init__.py b/source/idea/idea-sdk/src/ideasdk_meta/__init__.py index 7c38a77..bc639d6 100644 --- a/source/idea/idea-sdk/src/ideasdk_meta/__init__.py +++ b/source/idea/idea-sdk/src/ideasdk_meta/__init__.py 
@@ -12,4 +12,4 @@ # pkgconfig for soca-sdk. no dependencies # noqa __name__ = 'idea-sdk' -__version__ = '2024.12' +__version__ = '2024.12.01' diff --git a/source/idea/idea-virtual-desktop-controller/src/ideavirtualdesktopcontroller_meta/__init__.py b/source/idea/idea-virtual-desktop-controller/src/ideavirtualdesktopcontroller_meta/__init__.py index 9e35b93..247129b 100644 --- a/source/idea/idea-virtual-desktop-controller/src/ideavirtualdesktopcontroller_meta/__init__.py +++ b/source/idea/idea-virtual-desktop-controller/src/ideavirtualdesktopcontroller_meta/__init__.py @@ -10,4 +10,4 @@ # and limitations under the License. __name__ = 'idea-virtual-desktop-controller' -__version__ = '2024.12' +__version__ = '2024.12.01' diff --git a/source/idea/library/src/res_meta/__init__.py b/source/idea/library/src/res_meta/__init__.py index 692d660..e51c8a8 100644 --- a/source/idea/library/src/res_meta/__init__.py +++ b/source/idea/library/src/res_meta/__init__.py @@ -2,4 +2,4 @@ # SPDX-License-Identifier: Apache-2.0 __name__ = 'library' -__version__ = '2024.12' +__version__ = '2024.12.01'