NC | Bucket Owner Removal #8289
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
romayalon
force-pushed
the
romy-bucket-owner-removal
branch
from
8cf8b2c
to
36e84fd
Compare
shirady
reviewed
Aug 19, 2024
shirady
reviewed
Aug 21, 2024
|
@romayalon could you please update the the PR description (and attach the issue)? |
romayalon
force-pushed
the
romy-bucket-owner-removal
branch
from
0f6a07a
to
1128b3f
Compare
shirady
reviewed
Aug 22, 2024
shirady
reviewed
Aug 22, 2024
romayalon
force-pushed
the
romy-bucket-owner-removal
branch
from
982e8e1
to
cda3059
Compare
romayalon
force-pushed
the
romy-bucket-owner-removal
branch
2 times, most recently
from
e287e6f
to
8a352d9
Compare
Signed-off-by: Romy <[email protected]>
romayalon
force-pushed
the
romy-bucket-owner-removal
branch
from
8a352d9
to
c29e90a
Compare
2 tasks
2 tasks
shirady
added a commit
to shirady/noobaa-core
that referenced
this pull request
Sep 8, 2024
1. Update IAM API Users, Access Keys and additional changes in accountspace_fs: - Move the config creation from the function _copy_data_from_requesting_account_to_account_config to the create_user. - Fix the ARN account ID for root accounts that were operated by the roots accounts manager (before we copied the requesting_account._id which was true only for root accounts on IAM users). - Fix _check_root_account as it has a redundant line that was not relevant (it was there when we thought of additional case, but we never get to it). - Add 2 helper functions: _get_account_owner_id_for_arn, _get_owner_account_argument. - Improve performance in the function _check_if_root_account_does_not_have_IAM_users_before_deletion after we have the new structure. 2. Update the ConfigFS module to support the new structure and operate on users configs. 3. Update docs: - With the config dire restructure (identities/, accounts_by_name/, users/directories). - IAM docs - regarding the naming scope (that we have with the new structure) and about the new structure with users/ directory. 4. Update the IAM API tests: - Mainly reading the config file in the new structure. - Add account validation to accounts created hardcoded (to avoid schema changes without them updated). - Refactor `it` names to multiple lines. 5. In rest_s3 change the 'is_owner` part (the gap mentioned in NC | Bucket Owner Removal noobaa#8289), where it checks the name, to make sure the account is not a user with the same name. Signed-off-by: shirady <[email protected]>
shirady
added a commit
to shirady/noobaa-core
that referenced
this pull request
Sep 8, 2024
1. Update IAM API Users, Access Keys and additional changes in accountspace_fs: - Move the config creation from the function _copy_data_from_requesting_account_to_account_config to the create_user. - Fix the ARN account ID for root accounts that were operated by the roots accounts manager (before we copied the requesting_account._id which was true only for root accounts on IAM users). - Fix _check_root_account as it has a redundant line that was not relevant (it was there when we thought of additional case, but we never get to it). - Add 2 helper functions: _get_account_owner_id_for_arn, _get_owner_account_argument. - Improve performance in the function _check_if_root_account_does_not_have_IAM_users_before_deletion after we have the new structure. 2. Update the ConfigFS module to support the new structure and operate on users configs. 3. Update docs: - With the config dire restructure (identities/, accounts_by_name/, users/directories). - IAM docs - regarding the naming scope (that we have with the new structure) and about the new structure with users/ directory. 4. Update the IAM API tests: - Mainly reading the config file in the new structure. - Add account validation to accounts created hardcoded (to avoid schema changes without them updated). - Refactor `it` names to multiple lines. 5. In rest_s3 change the 'is_owner` part (the gap mentioned in NC | Bucket Owner Removal noobaa#8289), where it checks the name, to make sure the account is not a user with the same name. Signed-off-by: shirady <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Disclaimers -
This PR is dependent on merging - NC | Config Dir Restructure #8279 and currently, cherry-picking its only commit, which will be removed after its merge.Explain the changes
--ownerflag is still the name of the account, and it'll be mapped to an id internally - owner_account.Issues: Fixed #xxx / Gap #xxx
Testing Instructions: