NC | NSFS | IAM | Tech Debts (IAM Integration Tests, Username Validation Move module and Allow IAM User to Create Bucket) #8661
Merged
Contributor
@shirady could you create a new PR that only adds the @aws-sdk/client-iam and if we are using it only for tests, make it a dev dependency?
Contributor
Author
@liranmauda Yes, thanks.
romayalon reviewed Jan 14, 2025
romayalon approved these changes Jan 21, 2025
…ion Move module and Allow IAM User to Create Bucket)
1. IAM Integration Tests: add the file test_nc_iam_basic_integration.js and make the needed changes in the files nc_coretest.js (add the IAM port), nc_index (add the new test in the CI) and test_utils.js (add the IAM client - like we have S3 client) - the IAM integration tests the APIs of IAM that we support today.
2. Username Validation Move the Module: we have 2 flows noobaa-cli and API (S3, IAM), and don't want to import modules between the flows and only from an above level. Therefore, I moved the function validate_username from the iam_utils to validation_utils, since it used other functions I also had to move them and move the testing file.
3. Allow IAM Users to Create Bucket - we temporarily didn't allow IAM users to create buckets.
Signed-off-by: shirady <57721533+shirady@users.noreply.github.com>
Explain the changes
IAM Tech Debts (from an agreed list to wrap up the feature for now) including:
test_nc_iam_basic_integration.js and make the needed changes in the files nc_coretest.js (add the IAM port), nc_index (add the new test in the CI) and test_utils.js (add the IAM client - like we have S3 client) - the IAM integration tests the APIs of IAM that we support today.
Please notice that it contains only the happy path, as the goal was to ensure nothing was broken between the IAM request to the server and our response (internal validation was already implemented in unit tests).
validate_username from the iam_utils to validation_utils, since it used other functions I also had to move them and move the testing file.
Issues:
This PR was part of MCGI-282 IAM Tech Debts and the GAPS mentioned in the comments here were added in the Jira ticket (for example: adding interrogation tests for IAM and S3 together).
Testing Instructions:
1) IAM Integration Tests:
Automatic Tests
Please run the test:
sudo NC_CORETEST=true node ./node_modules/mocha/bin/mocha ./src/test/unit_tests/test_nc_iam_basic_integration.js
If you want to look at the logs in noobaa, you can:
cat nsfs_integration_test_log.txt
Manual Tests
In this PR I didn’t run manual tests, but if you want you can use this guide
2) Username Validation Move the Module:
Automatic Tests
Please run the tests:
npx jest test_iam_utils.test.js (iam_utils is the previous file that the function was taken from)
npx jest test_nc_utils.test.js (validation_utils is the current file, where I moved the functions to)
sudo npx jest test_nc_nsfs_account_cli.test.js (contains the tests that were written in the past, search the test titles that include “invalid name”)
3) Allow IAM Users to Create Bucket
Automatic Tests
Please run the test:
sudo NC_CORETEST=true node ./node_modules/mocha/bin/mocha ./src/test/unit_tests/test_bucketspace_fs.js
Manual Tests
sudo node src/cmd/manage_nsfs account add --name <account-name> --new_buckets_path /Users/buckets/ --access_key <access-key> --secret_key <secret-key> --uid <uid> --gid <gid>
Note: before creating the account need to give permission to the new_buckets_path: chmod 777 /Users/buckets/.
sudo node src/cmd/nsfs --debug 5 --https_port_iam 7005
alias nc-user-1-s3='AWS_ACCESS_KEY_ID=<access-key> AWS_SECRET_ACCESS_KEY=<secret-key> aws --no-verify-ssl --endpoint-url https://localhost:6443'
nc-user-1-s3 s3 ls; echo $?
alias nc-user-1-iam='AWS_ACCESS_KEY_ID=<access-key-account> AWS_SECRET_ACCESS_KEY=<secret-key-account> aws --no-verify-ssl --endpoint-url https://localhost:7005/'
nc-user-1-iam iam list-users
nc-user-1-iam iam create-user --user-name Bob
nc-user-1-iam iam create-access-key --user-name Bob
alias nc-user-1b-s3='AWS_ACCESS_KEY_ID=<access-key-user> AWS_SECRET_ACCESS_KEY=<secret-key-user> aws --no-verify-ssl --endpoint-url https://localhost:6443/'
nc-user-1b-s3 s3 ls; echo $?
nc-user-1b-s3 s3 mb s3://iam-bucket
owner_account property is the account’s ID (the owner of the user):
sudo cat /etc/noobaa.conf.d/buckets/iam-bucket.json | jq .
nc-user-1b-s3 s3 rb s3://iam-bucket
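
The manual test above ends by checking by eye that `owner_account` in the bucket config is the account's ID. The same check written as an assertion, added here as an example (not code from this PR or from NooBaa): only the `owner_account` property name comes from the page, while the IDs, the sample configs and the assumption that the property holds an ID string are constructed.

```javascript
// Added example, not NooBaa code. Only the `owner_account` property name is
// taken from the page; the IDs and sample configs below are constructed.

// Returns { ok, reason } for a bucket config written after an IAM user ran
// `s3 mb`. Assumption: owner_account holds the owning identity's ID string.
function check_bucket_owner(bucket_config_text, account_id, iam_user_id) {
    let config;
    try {
        config = JSON.parse(bucket_config_text);
    } catch (err) {
        return { ok: false, reason: 'config is not valid JSON' };
    }
    if (config === null || typeof config !== 'object' || Array.isArray(config)) {
        return { ok: false, reason: 'config is not a JSON object' };
    }
    const owner = config.owner_account;
    if (typeof owner !== 'string' || owner === '') {
        return { ok: false, reason: 'owner_account is missing' };
    }
    if (owner === iam_user_id) {
        // The case the manual check guards against: the user owns the bucket.
        return { ok: false, reason: 'owned by the IAM user' };
    }
    if (owner !== account_id) {
        return { ok: false, reason: 'owned by another identity' };
    }
    return { ok: true, reason: 'owned by the account' };
}

// Constructed IDs and configs (hypothetical values, not real NooBaa output).
const ACCOUNT_ID = 'account-id-0001';
const IAM_USER_ID = 'iam-user-id-0002';
const SAMPLE_CONFIGS = {
    owned_by_account: JSON.stringify({ name: 'iam-bucket', owner_account: ACCOUNT_ID }),
    owned_by_user: JSON.stringify({ name: 'iam-bucket', owner_account: IAM_USER_ID }),
    no_owner: JSON.stringify({ name: 'iam-bucket' }),
    truncated: '{"name": "iam-bucket", "owner_acc',
};

function run_samples() {
    const results = {};
    for (const [label, text] of Object.entries(SAMPLE_CONFIGS)) {
        results[label] = check_bucket_owner(text, ACCOUNT_ID, IAM_USER_ID);
    }
    return results;
}

console.log(run_samples());
```

To use it on a real setup, pass the text of /etc/noobaa.conf.d/buckets/iam-bucket.json together with the account's and the user's IDs from that setup.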