NC | NSFS| IAM | Tech Debts (IAM Integration Tests, Username Validation Move module and Allow IAM User to Create Bucket) #8661

Open
wants to merge 6 commits into
base: master

shirady (Contributor) commented Jan 7, 2025

Explain the changes

IAM Tech Debts (from an agreed list to wrap up the feature for now) including:

  1. IAM Integration Tests:
  • Add the module for the IAM client by running: npm install @aws-sdk/client-iam.
  • Add the file test_nc_iam_basic_integration.js and make the needed changes in the files nc_coretest.js (add the IAM port), nc_index (add the new test in the CI) and test_utils.js (add the IAM client - like we have the S3 client) - the IAM integration test tests the APIs of IAM that we support today.
    Notice that it contains only the happy path, as the goal was to ensure nothing was broken between the IAM request to the server and our response (internal validation was already implemented in unit tests).
  2. Username Validation Move the Module: we have 2 flows, noobaa-cli and API (S3, IAM), and we don't want to import modules between the flows, only from a level above. Therefore, I moved the function validate_username from iam_utils to nc_utils; since it used other functions, I also had to move them and move the testing file.
  3. Allow IAM Users to Create Bucket - we temporarily didn't allow IAM users to create buckets (see comment).

Issues:

  1. Partially fix issue NC | NSFS | Organize Modules/Dependencies #8548.

Testing Instructions:

1) IAM Integration Tests:

Automatic Tests

Please run the test: sudo NC_CORETEST=true node ./node_modules/mocha/bin/mocha ./src/test/unit_tests/test_nc_iam_basic_integration.js
If you want to look at the logs in noobaa, you can: cat nsfs_integration_test_log.txt

Manual Tests

In this PR I didn’t run manual tests, but if you want you can use this guide

2) Username Validation Move the Module:

Automatic Tests

Please run the tests:

  • npx jest test_iam_utils.test.js (iam_utils is the previous file that the function was taken from)
  • npx jest test_nc_utils.test.js (nc_utils is the current file, where I moved the functions to)
  • sudo npx jest test_nc_nsfs_account_cli.test.js (contains the tests that were written in the past, search the test titles that include “invalid name”)

3) Allow IAM Users to Create Bucket

Automatic Tests

Please run the test: sudo NC_CORETEST=true node ./node_modules/mocha/bin/mocha ./src/test/unit_tests/test_bucketspace_fs.js

Manual Tests

  1. Create an account with the CLI: sudo node src/cmd/manage_nsfs account add --name <account-name> --new_buckets_path /Users/buckets/ --access_key <access-key> --secret_key <secret-key> --uid <uid> --gid <gid>
    Note: before creating the account, you need to give permission to the new_buckets_path: chmod 777 /Users/buckets/.
  2. Start the NSFS server with: sudo node src/cmd/nsfs --debug 5 --https_port_iam 7005
  3. Create the alias for the S3 service: alias nc-user-1-s3='AWS_ACCESS_KEY_ID=<access-key> AWS_SECRET_ACCESS_KEY=<secret-key> aws --no-verify-ssl --endpoint-url https://localhost:6443'
  4. Check the connection to the endpoint and try to list the buckets (should be empty): nc-user-1-s3 s3 ls; echo $?
  5. Create the alias for the IAM service: alias nc-user-1-iam='AWS_ACCESS_KEY_ID=<access-key-account> AWS_SECRET_ACCESS_KEY=<secret-key-account> aws --no-verify-ssl --endpoint-url https://localhost:7005/'
  6. Check the connection to the endpoint and try to list the users (should be empty): nc-user-1-iam iam list-users
  7. Create an IAM user with an access key: nc-user-1-iam iam create-user --user-name Bob and
    nc-user-1-iam iam create-access-key --user-name Bob
  8. Create the alias for the IAM user to S3 service: alias nc-user-1b-s3='AWS_ACCESS_KEY_ID=<access-key-user> AWS_SECRET_ACCESS_KEY=<secret-key-user> aws --no-verify-ssl --endpoint-url https://localhost:6443/'
  9. Check the connection to the endpoint and try to list the buckets (should be empty): nc-user-1b-s3 s3 ls; echo $?
  10. Create a bucket by the IAM user: nc-user-1b-s3 s3 mb s3://iam-bucket
  11. Check that the owner_account property is the account’s ID (the owner of the user): sudo cat /etc/noobaa.conf.d/buckets/iam-bucket.json | jq .
  12. Delete the bucket: nc-user-1b-s3 s3 rb s3://iam-bucket
  • Doc added/updated
  • Tests added
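
The ownership check from manual step 11, generalized into an audit over several bucket configs (an added example, not code from this PR or from the NooBaa code base). Only `owner_account` comes from the page; the `_id`, `name` and `owner` fields of the identity records and all sample values are constructed assumptions.

```javascript
// Constructed identity records (assumed shape): an account has no `owner`,
// an IAM user has `owner` set to the _id of the account that created it.
const identities = [
    { _id: 'acc-1001', name: 'account-1' },
    { _id: 'usr-2001', name: 'Bob', owner: 'acc-1001' },
];

// Constructed bucket configs; `owner_account` is the property inspected in step 11.
const buckets = [
    { name: 'iam-bucket', owner_account: 'acc-1001' },    // created by Bob, owned by his account
    { name: 'bad-bucket', owner_account: 'usr-2001' },    // attributed to the IAM user itself
    { name: 'orphan-bucket', owner_account: 'acc-9999' }, // owner id matches no identity
];

/**
 * Classify every bucket by what its owner_account resolves to.
 * Returns one finding per bucket: { bucket, status, expected_owner? }.
 */
function audit_bucket_owners(bucket_configs, identity_records) {
    const by_id = new Map(identity_records.map(rec => [rec._id, rec]));
    return bucket_configs.map(bucket => {
        const owner = by_id.get(bucket.owner_account);
        if (!owner) {
            // Dangling reference: no account or user carries this id.
            return { bucket: bucket.name, status: 'unknown_owner' };
        }
        if (owner.owner !== undefined) {
            // owner_account resolves to an IAM user; it should be the user's account.
            return { bucket: bucket.name, status: 'owned_by_iam_user', expected_owner: owner.owner };
        }
        return { bucket: bucket.name, status: 'ok' };
    });
}

// Names of the buckets whose ownership does not resolve to a root account.
function violations(findings) {
    return findings.filter(f => f.status !== 'ok').map(f => f.bucket);
}

const findings = audit_bucket_owners(buckets, identities);
for (const f of findings) console.log(JSON.stringify(f));
```
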

Signed-off-by: shirady <57721533+shirady@users.noreply.github.com>
Signed-off-by: shirady <57721533+shirady@users.noreply.github.com>
…or IAM and noobaa-cli

Signed-off-by: shirady <57721533+shirady@users.noreply.github.com>
Signed-off-by: shirady <57721533+shirady@users.noreply.github.com>
Signed-off-by: shirady <57721533+shirady@users.noreply.github.com>
Signed-off-by: shirady <57721533+shirady@users.noreply.github.com>