NC | account by id | allow principal to be either account id or name

Signed-off-by: Amit Prinz Setter <[email protected]>
noobaa · Jun 27, 2024 · 2a5df3c · 2a5df3c
1 parent fe01f3b
commit 2a5df3c
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 17 deletions.
diff --git a/src/cmd/manage_nsfs.js b/src/cmd/manage_nsfs.js
@@ -195,7 +195,7 @@ async function fetch_existing_bucket_data(target) {
 }
 
 async function add_bucket(data) {
-    await validate_bucket_args(config_root_backend, accounts_dir_path, data, ACTIONS.ADD);
+    await validate_bucket_args(config_root_backend, accounts_dir_path, root_accounts_dir_path, data, ACTIONS.ADD);
     const fs_context = native_fs_utils.get_process_fs_context(config_root_backend);
     const bucket_conf_path = get_config_file_path(buckets_dir_path, data.name);
     const exists = await native_fs_utils.is_path_exists(fs_context, bucket_conf_path);
@@ -211,7 +211,7 @@ async function add_bucket(data) {
 }
 
 async function get_bucket_status(data) {
-    await validate_bucket_args(config_root_backend, accounts_dir_path, data, ACTIONS.STATUS);
+    await validate_bucket_args(config_root_backend, accounts_dir_path, root_accounts_dir_path, data, ACTIONS.STATUS);
 
     try {
         const bucket_path = get_config_file_path(buckets_dir_path, data.name);
@@ -224,7 +224,7 @@ async function get_bucket_status(data) {
 }
 
 async function update_bucket(data) {
-    await validate_bucket_args(config_root_backend, accounts_dir_path, data, ACTIONS.UPDATE);
+    await validate_bucket_args(config_root_backend, accounts_dir_path, root_accounts_dir_path, data, ACTIONS.UPDATE);
     const fs_context = native_fs_utils.get_process_fs_context(config_root_backend);
 
     const cur_name = data.name;
@@ -262,7 +262,7 @@ async function update_bucket(data) {
 }
 
 async function delete_bucket(data, force) {
-    await validate_bucket_args(config_root_backend, accounts_dir_path, data, ACTIONS.DELETE);
+    await validate_bucket_args(config_root_backend, accounts_dir_path, root_accounts_dir_path, data, ACTIONS.DELETE);
     // we have fs_contexts: (1) fs_backend for bucket temp dir (2) config_root_backend for config files
     const fs_context_config_root_backend = native_fs_utils.get_process_fs_context(config_root_backend);
     const fs_context_fs_backend = native_fs_utils.get_process_fs_context(data.fs_backend);

diff --git a/src/manage_nsfs/manage_nsfs_validations.js b/src/manage_nsfs/manage_nsfs_validations.js
@@ -12,8 +12,8 @@ const string_utils = require('../util/string_utils');
 const native_fs_utils = require('../util/native_fs_utils');
 const ManageCLIError = require('../manage_nsfs/manage_nsfs_cli_errors').ManageCLIError;
 const bucket_policy_utils = require('../endpoint/s3/s3_bucket_policy_utils');
-const { throw_cli_error, get_config_file_path, get_config_data, get_bucket_owner_account,
-        get_options_from_file, has_access_keys } = require('../manage_nsfs/manage_nsfs_cli_utils');
+const { throw_cli_error, get_config_file_path, get_symlink_config_file_path, get_config_data,
+    get_bucket_owner_account, get_options_from_file, has_access_keys } = require('../manage_nsfs/manage_nsfs_cli_utils');
 const { TYPES, ACTIONS, VALID_OPTIONS, OPTION_TYPE, FROM_FILE, BOOLEAN_STRING_VALUES, BOOLEAN_STRING_OPTIONS,
     GLACIER_ACTIONS, LIST_UNSETABLE_OPTIONS, ANONYMOUS } = require('../manage_nsfs/manage_nsfs_constants');
 
@@ -247,7 +247,7 @@ function validate_flags_value_combination(type, action, input_options_with_data)
  * @param {object} data
  * @param {string} action
  */
-async function validate_bucket_args(config_root_backend, accounts_dir_path, data, action) {
+async function validate_bucket_args(config_root_backend, accounts_dir_path, root_accounts_dir_path, data, action) {
     if (action === ACTIONS.DELETE || action === ACTIONS.STATUS) {
         if (_.isUndefined(data.name)) throw_cli_error(ManageCLIError.MissingBucketNameFlag);
     } else { // action === ACTIONS.ADD || action === ACTIONS.UPDATE
@@ -296,14 +296,7 @@ async function validate_bucket_args(config_root_backend, accounts_dir_path, data
             try {
                 await bucket_policy_utils.validate_s3_policy(data.s3_policy, data.name,
                     async principal => {
-                        const account_config_path = get_config_file_path(accounts_dir_path, principal);
-                        try {
-                            const fs_context_config_root_backend = native_fs_utils.get_process_fs_context(config_root_backend);
-                            await nb_native().fs.stat(fs_context_config_root_backend, account_config_path);
-                            return true;
-                        } catch (err) {
-                            return false;
-                        }
+                        return await get_account_by_principal(fs_context_fs_backend, accounts_dir_path, root_accounts_dir_path, principal);
                     });
             } catch (err) {
                 dbg.error('validate_bucket_args invalid bucket policy err:', err);
@@ -410,6 +403,19 @@ async function verify_delete_account(config_root_backend, buckets_dir_path, acco
     });
 }
 
+async function file_exists(fs_context, path) {
+    try {
+        await nb_native().fs.stat(fs_context, path);
+        return true;
+    } catch (err) {}
+    return false;
+}
+
+async function get_account_by_principal(fs_context, accounts_dir_path, root_accounts_dir_path, principal) {
+    return await file_exists(fs_context, get_config_file_path(accounts_dir_path, principal)) ||
+           await file_exists (fs_context, get_symlink_config_file_path(root_accounts_dir_path, principal));
+}
+
 ///////////////////////////////////
 //// IP WhITE LIST VALIDATIONS ////
 ///////////////////////////////////
@@ -443,3 +449,4 @@ exports.verify_delete_account = verify_delete_account;
 exports.validate_whitelist_arg = validate_whitelist_arg;
 exports.verify_whitelist_ips = verify_whitelist_ips;
 exports.validate_flags_combination = validate_flags_combination;
+exports.get_account_by_principal = get_account_by_principal;
diff --git a/src/sdk/bucketspace_fs.js b/src/sdk/bucketspace_fs.js
@@ -24,6 +24,7 @@ const { get_umasked_mode, isDirectory, validate_bucket_creation,
     create_config_file, delete_config_file, get_bucket_tmpdir_full_path, folder_delete } = require('../util/native_fs_utils');
 const NoobaaEvent = require('../manage_nsfs/manage_nsfs_events_utils').NoobaaEvent;
 const { anonymous_access_key } = require('./object_sdk');
+const { get_account_by_principal } = require('../manage_nsfs/manage_nsfs_validations')
 
 const dbg = require('../util/debug_module')(__filename);
 const bucket_semaphore = new KeysSemaphore(1);
@@ -683,8 +684,9 @@ class BucketSpaceFS extends BucketSpaceSimpleFS {
             dbg.log2("put_bucket_policy: bucket properties before validate_bucket_schema",
             bucket_to_validate);
             nsfs_schema_utils.validate_bucket_schema(bucket_to_validate);
-            await bucket_policy_utils.validate_s3_policy(bucket.s3_policy, bucket.name, async principal =>
-                 this._get_account_by_id(principal));
+            await bucket_policy_utils.validate_s3_policy(bucket.s3_policy, bucket.name, async principal => {
+                 return await get_account_by_principal(this.fs_context, this.accounts_dir, this.root_accounts_dir, principal);
+            });
             const update_bucket = JSON.stringify(bucket);
             await nb_native().fs.writeFile(
                 this.fs_context,