Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

USERNAME_NOT_FOUND for created AWS IAM role user #1817

Closed
synapdk opened this issue Mar 28, 2023 · 4 comments · Fixed by #1901
Closed

USERNAME_NOT_FOUND for created AWS IAM role user #1817

synapdk opened this issue Mar 28, 2023 · 4 comments · Fixed by #1901

Comments

@synapdk
Copy link

synapdk commented Mar 28, 2023

After creating an AWS IAM role user using the CLI, describing the user returns this error.

To Reproduce

Command:

atlas dbuser create readWriteAnyDatabase --username arn:aws:iam::123:role/roleName --awsIAMType ROLE

Output:

Database user 'arn:aws:iam::123:role/roleName' successfully created.

Command:

atlas dbuser describe arn:aws:iam::123:role/roleName --authDB \$external

Output:

Error: GET https://cloud.mongodb.com/api/atlas/v1.0/groups/111/databaseUsers/$external/arn:aws:iam::123:role%25roleName: 404 (request "USERNAME_NOT_FOUND") No user with username arn:aws:iam::123:role%2FroleName exists.

Expected behavior
The created user is found and described.

version info

$ atlas --version
atlascli version: 1.5.1
git version: homebrew-release
Go version: go1.19.6
   os: darwin
   arch: amd64
   compiler: gc
@matt-condon
Copy link
Collaborator

Hi @synapdk

Could you try the command atlas dbuser list and let me know if the username is the same as the one provided in your request?

@synapdk
Copy link
Author

synapdk commented Mar 29, 2023

Thanks @matt-condon. It did match yesterday. I'm not sure if it's related or a distraction, but I'm now getting this error for all commands: https://www.mongodb.com/docs/atlas/cli/stable/troubleshooting/#401--request--unauthorized---you-are-not-authorized-for-this-resource.

I verified the location of the config file as instructed there. I tried logging out and got a 500:

$ atlas auth logout
? Are you sure you want to log out of account dylan@synap.io? Yes
Error: POST https://cloud.mongodb.com/api/private/unauth/account/device/revoke: 500 (request "UNEXPECTED_ERROR") Unexpected error.

And it seems to still have me logged in:

$ atlas auth whoami
Logged in as dylan@synap.io

Sorry if this is veering into support territory, but it does seem like there might be a bug somewhere here and I'm not sure what to try next.

@synapdk
Copy link
Author

synapdk commented Mar 29, 2023

I deleted my config.toml file and was able to log in again. Now I can verify the expected output in the users list:

$ atlas dbusers list
USERNAME                                                                            DATABASE
synap                                                                               admin
arn:aws:iam::123:role/roleName   $external

My actual role name has a couple of dashes in it and is 50 characters long, but doesn't seem to cause other issues.

@matt-condon
Copy link
Collaborator

Thanks for raising this @synapdk
I've had a look locally and can reproduce the same.
It seems to be a problem with our URL encoding in our Go SDK, which applies only for AWS IAM role users

I'll create a ticket and we can prepare a fix for the next release

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants