-
Notifications
You must be signed in to change notification settings - Fork 80
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
NC | NSFS | IAM | Tech Debts (IAM Integration Tests, Username Validation Move module and Allow IAM User to Create Bucket) #8661
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@shirady could you create a new PR that only adds the @aws-sdk/client-iam and if we are using it only for tests, make it a dev dependency |
@liranmauda Yes, thanks. |
2 tasks
romayalon
reviewed
Jan 14, 2025
shirady
force-pushed
the
nsfs-nc-iam-past-tech-debts
branch
from
January 16, 2025 12:17
d314801
to
ae9710c
Compare
shirady
force-pushed
the
nsfs-nc-iam-past-tech-debts
branch
from
January 20, 2025 14:52
ae9710c
to
1c0d5d5
Compare
shirady
force-pushed
the
nsfs-nc-iam-past-tech-debts
branch
from
January 21, 2025 07:23
1c0d5d5
to
9cfe133
Compare
romayalon
approved these changes
Jan 21, 2025
…ion Move module and Allow IAM User to Create Bucket) 1. IAM Integration Tests: add the file test_nc_iam_basic_integration.js and make the needed changes in the fiiles nc_coretest.js (add the IAM port), nc_index (add the new test in the CI) and test_utils.js (add the IAM client - like we have S3 client) - the IAM integration tests the APIs of IAM that we support today. 2. Username Validation Move the Module: we have 2 flows noobaa-cli and API (S3, IAM), and don't want to import modules between the flows and only from an above level. Therefore, I moved the function validate_username from the iam_utils to validation_utils, since it used other functions I also had to move them and move the testing file. 3. Allow IAM Users to Create Bucket - we temporarily didn't allow IAM users to create buckets. Signed-off-by: shirady <[email protected]>
shirady
changed the title
NC | NSFS| IAM | Tech Debts (IAM Integration Tests, Username Validation Move module and Allow IAM User to Create Bucket)
NC | NSFS | IAM | Tech Debts (IAM Integration Tests, Username Validation Move module and Allow IAM User to Create Bucket)
Jan 21, 2025
shirady
force-pushed
the
nsfs-nc-iam-past-tech-debts
branch
from
January 21, 2025 08:22
9515dff
to
d759a0e
Compare
3 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Explain the changes
IAM Tech Debts (from an agreed list to wrap up the feature for now) including:
test_nc_iam_basic_integration.js
and make the needed changes in the filesnc_coretest.js
(add the IAM port),nc_index
(add the new test in the CI) andtest_utils.js
(add the IAM client - like we have S3 client) - the IAM integration tests the APIs of IAM that we support today.Please Notice that it contains only the happy path, as the goal was to ensure nothing was broken between the IAM request to the server and our response (internal validation was already implemented in unit tests).
validate_username
from theiam_utils
tovalidation_utils
, since it used other functions I also had to move them and move the testing file.Issues:
This PR was part of MCGI-282 IAM Tech Debts and the GAPS mentioned in the comments here were added in the Jira ticket (for example: adding interrogation tests for IAM and S3 together).
Testing Instructions:
1) IAM Integration Tests:
Automatic Tests
Please run the test:
sudo NC_CORETEST=true node ./node_modules/mocha/bin/mocha ./src/test/unit_tests/test_nc_iam_basic_integration.js
If you want to look at the logs in noobaa, you can:
cat nsfs_integration_test_log.txt
Manual Tests
In this PR I didn’t run manual tests, but if you want you can use this guide
2) Username Validation Move the Module:
Automatic Tests
Please run the tests:
npx jest test_iam_utils.test.js
(iam_utils
is the previous file that the function was taken from)npx jest test_nc_utils.test.js
(validation_utils
is the current file, where I moved the functions to)sudo npx jest test_nc_nsfs_account_cli.test.js
(contains the tests that were written in the past, search the test titles that include “invalid name”)3) Allow IAM Users to Create Bucket
Automatic Tests
Please run the test:
sudo NC_CORETEST=true node ./node_modules/mocha/bin/mocha ./src/test/unit_tests/test_bucketspace_fs.js
Manual Tests
sudo node src/cmd/manage_nsfs account add --name <account-name> --new_buckets_path /Users/buckets/ --access_key <access-key> --secret_key <secret-key> --uid <uid> --gid <gid>
Note: before creating the account need to give permission to the
new_buckets_path
:chmod 777 /Users/buckets/
.sudo node src/cmd/nsfs --debug 5 --https_port_iam 7005
alias nc-user-1-s3=‘AWS_ACCESS_KEY_ID=<access-key> AWS_SECRET_ACCESS_KEY=<secret-key> aws --no-verify-ssl --endpoint-url https://localhost:6443’
.nc-user-1-s3 s3 ls; echo $?
nc-user-1-iam='AWS_ACCESS_KEY_ID=<access-key-account> AWS_SECRET_ACCESS_KEY=<secret-key-account> aws --no-verify-ssl --endpoint-url https://localhost:7005/'
nc-user-1-iam iam list-users
nc-user-1-iam iam create-user --user-name Bob
andnc-user-1-iam iam create-access-key --user-name Bob
alias nc-user-1b-s3='AWS_ACCESS_KEY_ID=<access-key-user> AWS_SECRET_ACCESS_KEY=<secret-key-user> aws --no-verify-ssl --endpoint-url https://localhost:6443/'
nc-user-1b-s3 s3 ls; echo $?
nc-user-1b-s3 s3 mb s3://iam-bucket
owner_account
property is the account’s ID (the owner of the user):sudo cat /etc/noobaa.conf.d/buckets/iam-bucket.json | jq .
nc-user-1b-s3 s3 rb s3://iam-bucket