CI FIx

Author: naveenpaul1

src/sdk/accountspace_nb.js

@@ -50,7 +50,7 @@ class AccountSpaceNB {
         //const root_account = _.find(system_store.data.accounts, account => account.name.unwrap() === requesting_account.name.unwrap());
         const requesting_account = system_store.get_account_by_email(account_sdk.requesting_account.email);
         account_util._check_if_requesting_account_is_root_account(action, requesting_account,
-                { username: params.username, iam_path: params.iam_path });
+                { username: params.username, path: params.iam_path });
         account_util._check_username_already_exists(action, params, requesting_account);
         const iam_arn = iam_utils.create_arn_for_user(requesting_account._id.toString(), params.username, params.iam_path);
         const account_name = new SensitiveString(`${params.username}:${requesting_account.name.unwrap()}`);
@@ -64,7 +64,9 @@ class AccountSpaceNB {
                 owner: requesting_account._id.toString(),
                 is_iam: true,
                 iam_arn: iam_arn,
+                iam_path: params.iam_path,
                 role: 'iam_user',
+
                 // TODO: default_resource remove
                 default_resource: 'noobaa-default-backing-store',
             },
@@ -82,7 +84,7 @@ class AccountSpaceNB {
             username: params.username,
             user_id: iam_account.id,
             arn: iam_arn,
-            create_date: iam_account.creation_date,
+            create_date: iam_account.create_date,
         };
 
     }
@@ -106,8 +108,8 @@ class AccountSpaceNB {
             iam_path: requested_account.iam_path || IAM_DEFAULT_PATH,
             username: requested_account.name.unwrap().split(IAM_SPLIT_CHARACTERS)[0],
             arn: requested_account.iam_arn,
+            create_date: new Date(requested_account.last_update),
             // TODO: Dates missing : GAP
-            create_date: new Date(),
             password_last_used: new Date(),
         };
         return reply;
@@ -123,6 +125,7 @@ class AccountSpaceNB {
         const requested_account = system_store.get_account_by_email(account_name);
         let new_iam_path = requested_account.iam_path;
         let new_user_name = requested_account.name.unwrap();
+        account_util._check_username_already_exists(action, { username: params.new_username }, requesting_account);
         const root_account = _.find(system_store.data.accounts, account => account.name.unwrap() === requesting_account.name.unwrap());
         account_util._check_if_requested_account_is_root_account_or_IAM_user(action, requesting_account, requested_account);
         account_util._check_if_requested_is_owned_by_root_account(action, root_account, requested_account);
@@ -136,7 +139,7 @@ class AccountSpaceNB {
             iam_arn: iam_arn,
         };
         // CORE CHANGES PENDING - START
-        system_store.make_changes({
+        await system_store.make_changes({
             update: {
                 accounts: [{
                     _id: requested_account._id,
@@ -149,8 +152,8 @@ class AccountSpaceNB {
         // TODO : Send Event
         return {
             // TODO: IAM path needs to be saved
-            iam_path: requested_account.iam_path || IAM_DEFAULT_PATH,
-            username: requested_account.name.unwrap(),
+            iam_path: new_iam_path || IAM_DEFAULT_PATH,
+            username: new_user_name,
             user_id: requested_account._id.toString(),
             arn: iam_arn
         };
@@ -203,7 +206,8 @@ class AccountSpaceNB {
                 iam_path: iam_user.iam_path || IAM_DEFAULT_PATH,
                 username: iam_user.name.unwrap().split(IAM_SPLIT_CHARACTERS)[0],
                 arn: iam_user.iam_arn,
-                create_date: iam_user.creation_date,
+                create_date: new Date(iam_user.last_update),
+                // TODO: Miising password_last_used
                 password_last_used: Date.now(), // GAP
             };
             return member;

src/server/system_services/account_server.js

@@ -35,6 +35,7 @@ const check_new_azure_connection_timeout = 20 * 1000;
  */
 async function create_account(req) {
 
+
     account_util.validate_create_account_permissions(req);
     account_util.validate_create_account_params(req);
     const {token, access_keys} = await account_util.create_account(req);

src/server/system_services/schemas/account_schema.js

@@ -28,12 +28,13 @@ module.exports = {
         password: { wrapper: SensitiveString }, // bcrypted password - DEPRECATED
         next_password_change: { date: true }, // DEPRECATED
         // TODO: Check NSFS behaviour for account and iam user
-        owner: { type: 'string' },
+        owner: { objectid: true },
         tagging: {
             $ref: 'common_api#/definitions/tagging',
         },
         is_iam: { type: 'boolean' },
         iam_arn: { type: 'string' },
+        iam_path: { type: 'string' },
         // default policy for new buckets
         default_resource: { objectid: true },
         default_chunk_config: { objectid: true },

src/util/account_util.js

@@ -15,7 +15,7 @@ const { OP_NAME_TO_ACTION } = require('../endpoint/sts/sts_rest');
 const IamError = require('../endpoint/iam/iam_errors').IamError;
 //const { account_cache } = require('./../sdk/object_sdk');
 const { create_arn_for_user, get_action_message_title } = require('../endpoint/iam/iam_utils');
-const { IAM_ACTIONS, ACCESS_KEY_STATUS_ENUM } = require('../endpoint/iam/iam_constants');
+const { IAM_ACTIONS, IAM_DEFAULT_PATH } = require('../endpoint/iam/iam_constants');
 
 const demo_access_keys = Object.freeze({
     access_key: new SensitiveString('123'),
@@ -115,6 +115,7 @@ async function create_account(req) {
         account.owner = req.rpc_params.owner;
         account.is_iam = req.rpc_params.is_iam;
         account.iam_arn = req.rpc_params.iam_arn;
+        account.iam_path = req.rpc_params.iam_path;
     }
 
     await system_store.make_changes({
@@ -216,7 +217,6 @@ async function generate_account_keys(req) {
     const decrypted_access_keys = _.cloneDeep(access_keys);
     access_keys.secret_key = system_store.master_key_manager.encrypt_sensitive_string_with_master_key_id(
         access_keys.secret_key, account.master_key_id._id);
-    access_keys.deactivated = false;
 
     await system_store.make_changes({
         update: {
@@ -415,7 +415,7 @@ function _throw_access_denied_error(action, requesting_account, details, entity)
     const full_action_name = get_action_message_title(action);
     const account_id_for_arn = _get_account_owner_id_for_arn(requesting_account);
     const arn_for_requesting_account = create_arn_for_user(account_id_for_arn,
-        requesting_account.name.unwrap(), requesting_account.path);
+        requesting_account.name.unwrap(), requesting_account.path || IAM_DEFAULT_PATH);
     const basic_message = `User: ${arn_for_requesting_account} is not authorized to perform:` +
     `${full_action_name} on resource: `;
     let message_with_details;
@@ -459,9 +459,6 @@ function _check_root_account(account) {
     return account.owner === undefined;
 }
 
-function _check_access_key_is_deactivated(status) {
-    return status === ACCESS_KEY_STATUS_ENUM.INACTIVE;
-}
 
 
 function validate_create_account_permissions(req) {
@@ -550,6 +547,5 @@ exports.validate_create_account_permissions = validate_create_account_permission
 exports.validate_create_account_params = validate_create_account_params;
 exports._check_if_account_exists = _check_if_account_exists;
 exports._returned_username = _returned_username;
-exports._check_access_key_is_deactivated = _check_access_key_is_deactivated;
 exports._check_if_requested_is_owned_by_root_account = _check_if_requested_is_owned_by_root_account;
 exports._check_if_requested_account_is_root_account_or_IAM_user = _check_if_requested_account_is_root_account_or_IAM_user;