Skip to content

NC | IAM | Return Empty List On Unimplemented Operations (list-group-for-user) #8920

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Apr 3, 2025

Conversation

shirady
Copy link
Contributor

@shirady shirady commented Mar 30, 2025

Describe the Problem

Currently, we have implemented a couple of operations in IAM that are related to Users and Access keys, but for the rest of the cases, we fail the request with the error NotImplemented. There are automated tools that use it and under the hood use the operation list-group-for-user.

Explain the Changes

  1. Add the operation list-group-for-user to the constants and add a handler that always returns an empty list on existing user.

Issues:

  1. Currently we throw the error NotImplemented on list-group-for-user (and on every unsupported operation).

GAP - we would like to do this kind of implementation for other list operation in IAM as well (in a separate PR).

Testing Instructions:

Automatic Tests:

Please run: sudo NC_CORETEST=true node ./node_modules/mocha/bin/mocha ./src/test/unit_tests/test_nc_iam_basic_integration.js

Manual Tests

  1. Create an account with noobaa CLI: sudo node src/cmd/manage_nsfs account add --name <account-name> --new_buckets_path /Users/buckets/ --access_key <access-key> --secret_key <secret-key> --uid <uid> --gid <gid>
    Note: before creating the account need to give permission to the new_buckets_path: chmod 777 /Users/buckets/.
  2. Start the NSFS server (using debug mode and the port for IAM): sudo node src/cmd/nsfs --debug 5 --https_port_iam 7005
  3. Create the alias for IAM service:
    alias nc-user-1-iam='AWS_ACCESS_KEY_ID=<access-key> AWS_SECRET_ACCESS_KEY=<secret-key> aws --no-verify-ssl --endpoint-url https://localhost:7005'
  4. Create a user: nc-user-1-iam iam create-user --user-name Bob
  5. Check the list-group-for-user: nc-user-1-iam iam list-groups-for-user --user-name Bob (and expect to see empty list)
  6. Check the list-group-for-user on non-exsiting-user: nc-user-1-iam iam list-groups-for-user --user-name non-existing-user (and expect to see an error NoSuchEntity)
  • Doc added/updated
  • Tests added

@shirady shirady self-assigned this Mar 30, 2025
@shirady shirady force-pushed the iam-add-empty-list branch from 2cfc837 to 43ff894 Compare April 2, 2025 16:05
@pull-request-size pull-request-size bot added size/L and removed size/M labels Apr 2, 2025
@shirady shirady merged commit 436b3d7 into noobaa:master Apr 3, 2025
11 checks passed
@shirady shirady deleted the iam-add-empty-list branch April 3, 2025 06:33
@romayalon romayalon mentioned this pull request May 22, 2025
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants