noobaa-core icon indicating copy to clipboard operation
noobaa-core copied to clipboard

Published 20 hours ago verified publisher icon noobaa

NC | NSFS | Config Dir Restructure - Add `users/` Dir

Open shirady opened this issue 5 months ago • 0 comments

Explain the changes

  1. Update IAM API Users, Access Keys and additional changes in accountspace_fs:
  • Move the config creation from the function _copy_data_from_requesting_account_to_account_config to the create_user.
  • Fix the ARN account ID for root accounts that were operated by the roots accounts manager (before we copied the requesting_account._id which was true only for root accounts on IAM users).
  • Fix _check_root_account as it has a redundant line that was not relevant (it was there when we thought of additional case, but we never get to it).
  • Add 2 helper functions: _get_account_owner_id_for_arn, _get_owner_account_argument.
  • Improve performance in the function _check_if_root_account_does_not_have_IAM_users_before_deletion after we have the new structure.
  • Remove the comment about performance improvement on the function _check_if_root_account_does_not_have_buckets_before_deletion since there is no change in the config structure related to buckets.
  1. Update the ConfigFS module to support the new structure and also operate on users configs.
  2. Update docs with the config dire restructure (identities/, accounts_by_name/, users/directories).
  3. Update the IAM API tests:
  • Mainly reading the config file in the new structure.
  • Add account validation to accounts that were created hardcoded (to avoid schema changes without them updated).
  • Refactor it names to multiple lines.

Issues:

Open questions to answer in the CR:

  1. Should we delete the directory users/ if there are no users in the account? I decided not to delete it.
  2. What should the ARN of the account (not a user, the identity that the root accounts manager operates on) look like? I decided it will be arn:aws:iam::${account_id}:user/${username} the account_id is his _id and the username it is the account name.

List of GAPS:

  1. Add JSDoc in accountspace_fs methods.

Testing Instructions:

Unit Tests:

Please run: sudo npx jest test_accountspace_fs.test.js

Manual Tests:

Operate any IAM actions on users and access keys on the NSFS server as described in Non Containerized NSFS IAM (Developers Documentation)

  • [X] Doc added/updated
  • [X] Tests added

shirady avatar Aug 28 '24 08:08 shirady