Added support for tags for IAM users

Signed-off-by: Aayush Chouhan <achouhan@redhat.com>

Author: aayushchouhan09

src/endpoint/iam/iam_constants.js

@@ -12,7 +12,10 @@ const IAM_ACTIONS = Object.freeze({
     GET_ACCESS_KEY_LAST_USED: 'get_access_key_last_used',
     UPDATE_ACCESS_KEY: 'update_access_key',
     DELETE_ACCESS_KEY: 'delete_access_key',
-    LIST_ACCESS_KEYS: 'list_access_keys'
+    LIST_ACCESS_KEYS: 'list_access_keys',
+    TAG_USER: 'tag_user',
+    UNTAG_USER: 'untag_user',
+    LIST_USER_TAGS: 'list_user_tags',
 });
 
 // key: action - the function name on accountspace_fs (snake case style)
@@ -29,6 +32,9 @@ const ACTION_MESSAGE_TITLE_MAP = Object.freeze({
     'update_access_key': 'UpdateAccessKey',
     'delete_access_key': 'DeleteAccessKey',
     'list_access_keys': 'ListAccessKeys',
+    'tag_user': 'TagUser',
+    'untag_user': 'UntagUser',
+    'list_user_tags': 'ListUserTags',
 });
 
 const ACCESS_KEY_STATUS_ENUM = Object.freeze({
@@ -43,6 +49,7 @@ const IDENTITY_ENUM = Object.freeze({
 
 // miscellaneous
 const DEFAULT_MAX_ITEMS = 100;
+const DEFAULT_MAX_TAGS = 50;
 const MAX_NUMBER_OF_ACCESS_KEYS = 2;
 const IAM_DEFAULT_PATH = '/';
 const AWS_NOT_USED = 'N/A'; // can be used in case the region or the service name were not used
@@ -66,6 +73,7 @@ exports.ACTION_MESSAGE_TITLE_MAP = ACTION_MESSAGE_TITLE_MAP;
 exports.ACCESS_KEY_STATUS_ENUM = ACCESS_KEY_STATUS_ENUM;
 exports.IDENTITY_ENUM = IDENTITY_ENUM;
 exports.DEFAULT_MAX_ITEMS = DEFAULT_MAX_ITEMS;
+exports.DEFAULT_MAX_TAGS = DEFAULT_MAX_TAGS;
 exports.MAX_NUMBER_OF_ACCESS_KEYS = MAX_NUMBER_OF_ACCESS_KEYS;
 exports.IAM_DEFAULT_PATH = IAM_DEFAULT_PATH;
 exports.AWS_NOT_USED = AWS_NOT_USED;

src/endpoint/iam/iam_rest.js

@@ -63,6 +63,8 @@ const ACTIONS = Object.freeze({
     'ListUserPolicies': 'list_user_policies',
     'ListUserTags': 'list_user_tags',
     'ListVirtualMFADevices': 'list_virtual_mfa_devices',
+    'TagUser': 'tag_user',
+    'UntagUser': 'untag_user',
 });
 
 // notice: shows all methods as method post
@@ -79,6 +81,10 @@ const IAM_OPS = js_utils.deep_freeze({
     post_update_access_key: require('./ops/iam_update_access_key'),
     post_delete_access_key: require('./ops/iam_delete_access_key'),
     post_list_access_keys: require('./ops/iam_list_access_keys'),
+    // user tags
+    post_tag_user: require('./ops/iam_tag_user'),
+    post_untag_user: require('./ops/iam_untag_user'),
+    post_list_user_tags: require('./ops/iam_list_user_tags'),
     // other (currently ops that return empty or NoSuchEntity error - just not to fail them)
     post_list_groups_for_user: require('./ops/iam_list_groups_for_user.js'),
     post_list_account_aliases: require('./ops/iam_list_account_aliases.js'),
@@ -107,7 +113,6 @@ const IAM_OPS = js_utils.deep_freeze({
     post_list_signing_certificates: require('./ops/iam_list_signing_certificates.js'),
     post_list_ssh_public_keys: require('./ops/iam_list_ssh_public_keys.js'),
     post_list_user_policies: require('./ops/iam_list_user_policies.js'),
-    post_list_user_tags: require('./ops/iam_list_user_tags.js'),
     post_list_virtual_mfa_devices: require('./ops/iam_list_virtual_mfa_devices.js'),
 });
 

src/endpoint/iam/iam_utils.js

@@ -117,6 +117,15 @@ function validate_user_params(action, params) {
         case iam_constants.IAM_ACTIONS.LIST_USERS:
             validate_list_users(params);
           break;
+        case iam_constants.IAM_ACTIONS.TAG_USER:
+            validate_tag_user_params(params);
+          break;
+        case iam_constants.IAM_ACTIONS.UNTAG_USER:
+            validate_untag_user_params(params);
+          break;
+        case iam_constants.IAM_ACTIONS.LIST_USER_TAGS:
+            validate_list_user_tags_params(params);
+          break;
         default:
           throw new RpcError('INTERNAL_ERROR', `${action} is not supported`);
       }
@@ -478,6 +487,49 @@ function translate_rpc_error(err) {
     throw err;
 }
 
+/**
+ * validate_tag_user_params checks the params for tag_user action
+ * @param {object} params
+ */
+function validate_tag_user_params(params) {
+    try {
+        check_required_username(params);
+        validation_utils.validate_iam_tags(params.tags);
+        validation_utils.validate_username(params.username, iam_constants.IAM_PARAMETER_NAME.USERNAME);
+    } catch (err) {
+        translate_rpc_error(err);
+    }
+}
+
+/**
+ * validate_untag_user_params checks the params for untag_user action
+ * @param {object} params
+ */
+function validate_untag_user_params(params) {
+    try {
+        check_required_username(params);
+        validation_utils.validate_iam_tag_keys(params.tag_keys);
+        validation_utils.validate_username(params.username, iam_constants.IAM_PARAMETER_NAME.USERNAME);
+    } catch (err) {
+        translate_rpc_error(err);
+    }
+}
+
+/**
+ * validate_list_user_tags_params checks the params for list_user_tags action
+ * @param {object} params
+ */
+function validate_list_user_tags_params(params) {
+    try {
+        check_required_username(params);
+        validate_marker(params.marker);
+        validate_max_items(params.max_items);
+        validation_utils.validate_username(params.username, iam_constants.IAM_PARAMETER_NAME.USERNAME);
+    } catch (err) {
+        translate_rpc_error(err);
+    }
+}
+
 // EXPORTS
 exports.format_iam_xml_date = format_iam_xml_date;
 exports.create_arn_for_user = create_arn_for_user;
@@ -490,4 +542,7 @@ exports.validate_iam_path = validate_iam_path;
 exports.validate_marker = validate_marker;
 exports.validate_access_key_id = validate_access_key_id;
 exports.validate_status = validate_status;
+exports.validate_tag_user_params = validate_tag_user_params;
+exports.validate_untag_user_params = validate_untag_user_params;
+exports.validate_list_user_tags_params = validate_list_user_tags_params;
 

src/endpoint/iam/ops/iam_list_user_tags.js

@@ -14,21 +14,26 @@ async function list_user_tags(req, res) {
     const params = {
         username: req.body.user_name,
         marker: req.body.marker,
-        max_items: iam_utils.parse_max_items(req.body.max_items) ?? iam_constants.DEFAULT_MAX_ITEMS,
+        max_items: iam_utils.parse_max_items(req.body.max_items) ?? iam_constants.DEFAULT_MAX_TAGS,
     };
 
-    dbg.log1('To check that we have the user we will run the IAM GET USER', params);
-    iam_utils.validate_params(iam_constants.IAM_ACTIONS.GET_USER, params);
-    await req.account_sdk.get_user(params);
+    dbg.log1('IAM LIST USER TAGS', params);
+    iam_utils.validate_params(iam_constants.IAM_ACTIONS.LIST_USER_TAGS, params);
+    const reply = await req.account_sdk.list_user_tags(params);
 
-    dbg.log1('IAM LIST USER TAGS (returns empty list on every request)', params);
+    const result = {
+        Tags: reply.tags,
+        IsTruncated: reply.is_truncated
+    };
+
+    if (reply.marker) {
+        result.Marker = reply.marker;
+    }
+    dbg.log2('list_user_tags reply', result);
 
     return {
         ListUserTagsResponse: {
-            ListUserTagsResult: {
-                Tags: [],
-                IsTruncated: false,
-            },
+            ListUserTagsResult: result,
             ResponseMetadata: {
                 RequestId: req.request_id,
             }

src/endpoint/iam/ops/iam_tag_user.js

@@ -0,0 +1,49 @@
+/* Copyright (C) 2024 NooBaa */
+'use strict';
+
+const dbg = require('../../../util/debug_module')(__filename);
+const iam_utils = require('../iam_utils');
+const iam_constants = require('../iam_constants');
+const { CONTENT_TYPE_APP_FORM_URLENCODED } = require('../../../util/http_utils');
+
+/**
+ * https://docs.aws.amazon.com/IAM/latest/APIReference/API_TagUser.html
+ */
+async function tag_user(req, res) {
+
+    const tags = [];
+    let tag_index = 1;
+    while (req.body[`tags_member_${tag_index}_key`]) {
+        tags.push({
+            key: req.body[`tags_member_${tag_index}_key`],
+            value: req.body[`tags_member_${tag_index}_value`] || ''
+        });
+        tag_index += 1;
+    }
+    const params = {
+        username: req.body.user_name,
+        tags: tags,
+    };
+
+    dbg.log1('IAM TAG USER', params);
+    iam_utils.validate_params(iam_constants.IAM_ACTIONS.TAG_USER, params);
+    await req.account_sdk.tag_user(params);
+
+    return {
+        TagUserResponse: {
+            ResponseMetadata: {
+                RequestId: req.request_id,
+            }
+        },
+    };
+}
+
+module.exports = {
+    handler: tag_user,
+    body: {
+        type: CONTENT_TYPE_APP_FORM_URLENCODED,
+    },
+    reply: {
+        type: 'xml',
+    },
+};

src/endpoint/iam/ops/iam_untag_user.js

@@ -0,0 +1,46 @@
+/* Copyright (C) 2024 NooBaa */
+'use strict';
+
+const dbg = require('../../../util/debug_module')(__filename);
+const iam_utils = require('../iam_utils');
+const iam_constants = require('../iam_constants');
+const { CONTENT_TYPE_APP_FORM_URLENCODED } = require('../../../util/http_utils');
+
+/**
+ * https://docs.aws.amazon.com/IAM/latest/APIReference/API_UntagUser.html
+ */
+async function untag_user(req, res) {
+
+    const tag_keys = [];
+    let tag_index = 1;
+    while (req.body[`tag_keys_member_${tag_index}`]) {
+        tag_keys.push(req.body[`tag_keys_member_${tag_index}`]);
+        tag_index += 1;
+    }
+    const params = {
+        username: req.body.user_name,
+        tag_keys: tag_keys,
+    };
+
+    dbg.log1('IAM UNTAG USER', params);
+    iam_utils.validate_params(iam_constants.IAM_ACTIONS.UNTAG_USER, params);
+    await req.account_sdk.untag_user(params);
+
+    return {
+        UntagUserResponse: {
+            ResponseMetadata: {
+                RequestId: req.request_id,
+            }
+        },
+    };
+}
+
+module.exports = {
+    handler: untag_user,
+    body: {
+        type: CONTENT_TYPE_APP_FORM_URLENCODED,
+    },
+    reply: {
+        type: 'xml',
+    },
+};

src/sdk/account_sdk.js

@@ -117,6 +117,25 @@ class AccountSDK {
         return accountspace.list_users(params, this);
     }
 
+    ////////////
+    // TAGS   //
+    ////////////
+
+    async tag_user(params) {
+        const accountspace = this._get_accountspace();
+        return accountspace.tag_user(params, this);
+    }
+
+    async untag_user(params) {
+        const accountspace = this._get_accountspace();
+        return accountspace.untag_user(params, this);
+    }
+
+    async list_user_tags(params) {
+        const accountspace = this._get_accountspace();
+        return accountspace.list_user_tags(params, this);
+    }
+
     ////////////////
     // ACCESS KEY //
     ////////////////