NSFS | NC | IAM Service - Phase 1 (dummy impls) #8009
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Explain the changes
Issues:
Gaps:
http_utils.authorize_session_token(req, headers_options);
andauthenticate_request(req);
in one place and reuse in S3, STS and IAM.nb.d
define the params in every action (even as an object inline).username
).Testing Instructions:
Unit Tests
Those tests are basic and test the return structure of the API.
sudo npx jest test_accountspace_fs.test.js
(without sudo will also work, but later tests in future PR will need the root permissions).Manual Tests
These tests will only test the flow of the service (without any changes in the config files).
sudo node src/cmd/manage_nsfs account add --name shira-1002 --new_buckets_path /tmp/nsfs_root1 --access_key <access-key> --secret_key <secret-key> --uid <uid> --gid <gid>
Note: before creating the account need to give permission to the
new_buckets_path
:chmod 777 /tmp/nsfs_root1
.sudo node src/cmd/nsfs --debug 5 --https_port_iam 7005
Note: before starting the server please add this line:
process.env.NOOBAA_LOG_LEVEL = 'nsfs';
in the endpoint.js (before the conditionif (process.env.NOOBAA_LOG_LEVEL) {
)alias s3-nc-user-1-iam='AWS_ACCESS_KEY_ID=<acess-key> AWS_SECRET_ACCESS_KEY=<secret-key> aws --no-verify-ssl --endpoint-url https://localhost:7005'
.s3-nc-user-1-iam iam create-user --user-name Bob --path '/division_abc/subdivision_xyz/'
(more examples in the comment below)Note: For checking the error parsing: comment out the
return
part increate_user
and addthrow new IamError(IamError.AccessDeniedException);
.