Comments (6)
Since we currently happen to have a scratch AWS organisation for testing, I have been able to poke around here.
With an empty SSO and 11 selected groups in Google (max of 22 users per filtered group), using the default --sync-method groups, running from master, we consistently encounter this 404 error when it tries to add a user to a newly created group, so it feels like a consistency/timing issue in SSO:
2021-11-24T03:15:26.439Z {"level":"debug","msg":"creating aws groups added in google","time":"2021-11-24T03:15:26Z"}
2021-11-24T03:15:26.439Z {"group":"AWS Foo Group","level":"info","msg":"creating group","time":"2021-11-24T03:15:26Z"}
2021-11-24T03:15:26.513Z {"group":"AWS Foo Group","level":"debug","msg":"finding user","time":"2021-11-24T03:15:26Z"}
2021-11-24T03:15:26.557Z {"group":"AWS Foo Group","level":"info","msg":"adding user to group","time":"2021-11-24T03:15:26Z","user":"[email protected]"}
2021-11-24T03:15:26.557Z {"group":"AWS Foo Group","level":"debug","msg":"Group Change","operations":"add","time":"2021-11-24T03:15:26Z","user":"[email protected]"}
2021-11-24T03:15:26.582Z status of http response was 404: errorString
null
I can also confirm that with #45 we still encounter it (in case anyone is wondering if that PR helps - we need that fix too for other reasons).
However having applied #47 on top of that and having removed the groups and users from SSO to start clean, I am not seeing this 404 at all.
from ssosync.
This could be a nice improvement just to work as atomic operations in case the function reaches the AWS SSO-SCIM API limits before creating the groups or assigning users to their respective groups.
I'll see how to implement this, but it is a big refactor of the way the function SyncGroupsUsers works when --sync-method is groups.
from ssosync.
This does not happen consistently with all groups. I am able to sync another group without issues without problems.
@mam8cc are the membership sizes for these groups different?
from ssosync.
Hey @joshuachong, thanks for getting back so quickly. Yes, the AWS Admin group is 8 members, and AWS Power Users has around 60. It is worth noting that the 8 users in AWS Admin are also in AWS Power Users, but that wouldn't impact a clean run, I'd think.
from ssosync.
Just FYI: 404 is always spat out when adding a first user to a group that did not exist prior to the ssosync run.
It's probably not waiting for the group to properly start "existing" as a second ssosync run passes that point.
I.e. if you have 5 new groups you need to run ssosync 6 times and only the last one will succeed.
from ssosync.
I believe this issue has been resolved by release v2.0.0. Please let me know if you are still seeing this.
from ssosync.
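The failure mode described in this thread (a 404 when adding the first user to a group created moments earlier), handled with a bounded retry. This is an added example, not code from ssosync or from any commenter; fakeDirectory, its lag counter and addMemberWithRetry are hypothetical names in a constructed simulation, not the AWS SCIM API.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// ErrNotFound stands in for the "status of http response was 404" error in the log above.
var ErrNotFound = errors.New("status of http response was 404")

// fakeDirectory is a constructed, hypothetical stand-in for an eventually consistent
// group API: a new group answers 404 for its first lag[name] membership calls.
type fakeDirectory struct {
	lag     map[string]int
	members map[string][]string
}

func (d *fakeDirectory) AddMember(group, user string) error {
	n, ok := d.lag[group]
	if !ok {
		return ErrNotFound // group was never created
	}
	if n > 0 {
		d.lag[group] = n - 1 // created, but not yet visible
		return ErrNotFound
	}
	d.members[group] = append(d.members[group], user)
	return nil
}

// addMemberWithRetry retries only on 404, doubling the wait, and stops after `attempts` tries.
func addMemberWithRetry(d *fakeDirectory, group, user string, attempts int, base time.Duration) (int, error) {
	var err error
	for i := 1; i <= attempts; i++ {
		if err = d.AddMember(group, user); err == nil || !errors.Is(err, ErrNotFound) {
			return i, err // success, or an error that retrying will not fix
		}
		if i < attempts {
			time.Sleep(base << (i - 1))
		}
	}
	return attempts, fmt.Errorf("group %q not visible after %d attempts: %w", group, attempts, err)
}

func main() {
	d := &fakeDirectory{lag: map[string]int{"AWS Foo Group": 2}, members: map[string][]string{}}
	fmt.Println(addMemberWithRetry(d, "AWS Foo Group", "user@example.com", 5, 10*time.Millisecond))
}
```

The attempt cap matters: a group that was never created also returns 404, and the sync should surface that as an error rather than wait indefinitely.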