NC | IAM | Return Empty List On Unimplemented List Operations

Add LIST operations in IAM

Signed-off-by: shirady <[email protected]>

Author: shirady

docs/design/iam.md

@@ -127,7 +127,38 @@ Here attached a diagram with all the accounts that we have in our system:
 - IAM ListAccessKeys: UserName (not supported: Marker, MaxItems)
 
 ### Other
-- IAM ListGroupsForUser - would always return empty list (to check that the user exists it runs GetUser).
+Would always return an empty list (to check that the user exists it runs GetUser)
+- IAM ListGroupsForUser
+- IAM ListAttachedUserPolicies
+- IAM ListMFADevices
+- IAM ListServiceSpecificCredentials
+- IAM ListSigningCertificates
+- IAM ListSSHPublicKeys
+- IAM ListUserPolicies
+- IAM ListUserTags
+Would always return an empty list
+- IAM ListAccountAliases
+- IAM ListAttachedGroupPolicies
+- IAM ListAttachedRolePolicies
+- IAM ListGroupPolicies
+- IAM ListGroups
+- IAM ListInstanceProfiles
+- IAM ListOpenIDConnectProviders
+- IAM ListPolicies
+- IAM ListRoles
+- IAM ListSAMLProviders
+- IAM ListServerCertificates
+- IAM ListVirtualMFADevices
+Would always return `NoSuchEntity` error
+- IAM ListEntitiesForPolicy
+- IAM ListInstanceProfilesForRole
+- IAM ListInstanceProfileTags
+- IAM ListMFADeviceTags
+- IAM ListOpenIDConnectProviderTags
+- IAM ListPolicyTags
+- IAM ListPolicyVersions
+- IAM ListRoleTags
+- IAM ListServerCertificateTags
 
 ### Configuration Directory Components With users
 If account creates a user its config file will be created under identities/<user-id>.identity.json and under the account will be created `users/` directory and inside it it will link to the config.

src/endpoint/iam/iam_rest.js

@@ -35,6 +35,34 @@ const ACTIONS = Object.freeze({
     'DeleteAccessKey': 'delete_access_key',
     'ListAccessKeys': 'list_access_keys',
     'ListGroupsForUser': 'list_groups_for_user',
+    'ListAccountAliases': 'list_account_aliases',
+    'ListAttachedGroupPolicies': 'list_attached_group_policies',
+    'ListAttachedRolePolicies': 'list_attached_role_policies',
+    'ListAttachedUserPolicies': 'list_attached_user_policies',
+    'ListEntitiesForPolicy': 'list_entities_for_policy',
+    'ListGroupPolicies': 'list_group_policies',
+    'ListGroups': 'list_groups',
+    'ListInstanceProfiles': 'list_instance_profiles',
+    'ListInstanceProfilesForRole': 'list_instance_profiles_for_role',
+    'ListInstanceProfileTags': 'list_instance_profile_tags',
+    'ListMFADevices': 'list_mfa_devices',
+    'ListMFADeviceTags': 'list_mfa_device_tags',
+    'ListOpenIDConnectProviders': 'list_open_id_connect_providers',
+    'ListOpenIDConnectProviderTags': 'list_open_id_connect_provider_tags',
+    'ListPolicies': 'list_policies',
+    'ListPolicyTags': 'list_policy_tags',
+    'ListPolicyVersions': 'list_policy_versions',
+    'ListRoles': 'list_roles',
+    'ListRoleTags': 'list_role_tags',
+    'ListSAMLProviders': 'list_saml_providers',
+    'ListServerCertificates': 'list_server_certificates',
+    'ListServerCertificateTags': 'list_server_certificate_tags',
+    'ListServiceSpecificCredentials': 'list_service_specific_credentials',
+    'ListSigningCertificates': 'list_signing_certificates',
+    'ListSSHPublicKeys': 'list_ssh_public_keys',
+    'ListUserPolicies': 'list_user_policies',
+    'ListUserTags': 'list_user_tags',
+    'ListVirtualMFADevices': 'list_virtual_mfa_devices',
 });
 
 // notice: shows all methods as method post
@@ -51,8 +79,36 @@ const IAM_OPS = js_utils.deep_freeze({
     post_update_access_key: require('./ops/iam_update_access_key'),
     post_delete_access_key: require('./ops/iam_delete_access_key'),
     post_list_access_keys: require('./ops/iam_list_access_keys'),
-    // other (currently ops that return empty just not to fail them)
+    // other (currently ops that return empty or NoSuchEntity error - just not to fail them)
     post_list_groups_for_user: require('./ops/iam_list_groups_for_user.js'),
+    post_list_account_aliases: require('./ops/iam_list_account_aliases.js'),
+    post_list_attached_group_policies: require('./ops/iam_list_attached_group_policies.js'),
+    post_list_attached_role_policies: require('./ops/iam_list_attached_role_policies.js'),
+    post_list_attached_user_policies: require('./ops/iam_list_attached_user_policies.js'),
+    post_list_entities_for_policy: require('./ops/iam_list_entities_for_policy.js'),
+    post_list_group_policies: require('./ops/iam_list_group_policies.js'),
+    post_list_groups: require('./ops/iam_list_groups.js'),
+    post_list_instance_profiles: require('./ops/iam_list_instance_profiles.js'),
+    post_list_instance_profiles_for_role: require('./ops/iam_list_instance_profiles_for_role.js'),
+    post_list_instance_profile_tags: require('./ops/iam_list_instance_profile_tags.js'),
+    post_list_mfa_devices: require('./ops/iam_list_mfa_devices.js'),
+    post_list_mfa_device_tags: require('./ops/iam_list_mfa_device_tags.js'),
+    post_list_open_id_connect_providers: require('./ops/iam_list_open_id_connect_providers.js'),
+    post_list_open_id_connect_provider_tags: require('./ops/iam_list_open_id_connect_provider_tags.js'),
+    post_list_policies: require('./ops/iam_list_policies.js'),
+    post_list_policy_tags: require('./ops/iam_list_policy_tags.js'),
+    post_list_policy_versions: require('./ops/iam_list_policy_versions.js'),
+    post_list_roles: require('./ops/iam_list_roles.js'),
+    post_list_role_tags: require('./ops/iam_list_role_tags.js'),
+    post_list_saml_providers: require('./ops/iam_list_saml_providers.js'),
+    post_list_server_certificates: require('./ops/iam_list_server_certificates.js'),
+    post_list_server_certificate_tags: require('./ops/iam_list_server_certificate_tags.js'),
+    post_list_service_specific_credentials: require('./ops/iam_list_service_specific_credentials.js'),
+    post_list_signing_certificates: require('./ops/iam_list_signing_certificates.js'),
+    post_list_ssh_public_keys: require('./ops/iam_list_ssh_public_keys.js'),
+    post_list_user_policies: require('./ops/iam_list_user_policies.js'),
+    post_list_user_tags: require('./ops/iam_list_user_tags.js'),
+    post_list_virtual_mfa_devices: require('./ops/iam_list_virtual_mfa_devices.js'),
 });
 
 async function iam_rest(req, res) {

src/endpoint/iam/ops/iam_list_account_aliases.js

@@ -0,0 +1,41 @@
+/* Copyright (C) 2024 NooBaa */
+'use strict';
+
+const dbg = require('../../../util/debug_module')(__filename);
+const iam_utils = require('../iam_utils');
+const iam_constants = require('../iam_constants');
+const { CONTENT_TYPE_APP_FORM_URLENCODED } = require('../../../util/http_utils');
+
+/**
+ * https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAccountAliases.html
+ */
+async function list_account_aliases(req, res) {
+
+    const params = {
+        marker: req.body.marker,
+        max_items: iam_utils.parse_max_items(req.body.max_items) ?? iam_constants.DEFAULT_MAX_ITEMS,
+    };
+    dbg.log1('IAM LIST ACCOUNT ALIASES (returns empty list on every request)', params);
+
+    return {
+        ListAccountAliasesResponse: {
+            ListAccountAliasesResult: {
+                AccountAliases: [],
+                IsTruncated: false,
+            },
+            ResponseMetadata: {
+                RequestId: req.request_id,
+            }
+        },
+    };
+}
+
+module.exports = {
+    handler: list_account_aliases,
+    body: {
+        type: CONTENT_TYPE_APP_FORM_URLENCODED,
+    },
+    reply: {
+        type: 'xml',
+    },
+};

src/endpoint/iam/ops/iam_list_attached_group_policies.js

@@ -0,0 +1,42 @@
+/* Copyright (C) 2024 NooBaa */
+'use strict';
+
+const dbg = require('../../../util/debug_module')(__filename);
+const iam_utils = require('../iam_utils');
+const iam_constants = require('../iam_constants');
+const { CONTENT_TYPE_APP_FORM_URLENCODED } = require('../../../util/http_utils');
+
+/**
+ * https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAttachedGroupPolicies.html
+ */
+async function list_attached_group_policies(req, res) {
+
+    const params = {
+        marker: req.body.marker,
+        max_items: iam_utils.parse_max_items(req.body.max_items) ?? iam_constants.DEFAULT_MAX_ITEMS,
+        iam_path_prefix: req.body.path_prefix,
+    };
+    dbg.log1('IAM LIST ATTACHED GROUP POLICIES (returns empty list on every request)', params);
+
+    return {
+        ListAttachedGroupPoliciesResponse: {
+            ListAttachedGroupPoliciesResult: {
+                AttachedPolicies: [],
+                IsTruncated: false,
+            },
+            ResponseMetadata: {
+                RequestId: req.request_id,
+            }
+        },
+    };
+}
+
+module.exports = {
+    handler: list_attached_group_policies,
+    body: {
+        type: CONTENT_TYPE_APP_FORM_URLENCODED,
+    },
+    reply: {
+        type: 'xml',
+    },
+};

src/endpoint/iam/ops/iam_list_attached_role_policies.js

@@ -0,0 +1,42 @@
+/* Copyright (C) 2024 NooBaa */
+'use strict';
+
+const dbg = require('../../../util/debug_module')(__filename);
+const iam_utils = require('../iam_utils');
+const iam_constants = require('../iam_constants');
+const { CONTENT_TYPE_APP_FORM_URLENCODED } = require('../../../util/http_utils');
+
+/**
+ * https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAttachedRolePolicies.html
+ */
+async function list_attached_role_policies(req, res) {
+
+    const params = {
+        role_name: req.body.role_name,
+        marker: req.body.marker,
+        max_items: iam_utils.parse_max_items(req.body.max_items) ?? iam_constants.DEFAULT_MAX_ITEMS,
+        iam_path_prefix: req.body.path_prefix,
+    };
+    dbg.log1('IAM LIST ATTACHED ROLE POLICIES (returns empty list on every request)', params);
+
+    return {
+        ListAttachedRolePoliciesResponse: {
+            ListAttachedRolePoliciesResult: {
+                AttachedPolicies: [],
+            },
+            ResponseMetadata: {
+                RequestId: req.request_id,
+            }
+        },
+    };
+}
+
+module.exports = {
+    handler: list_attached_role_policies,
+    body: {
+        type: CONTENT_TYPE_APP_FORM_URLENCODED,
+    },
+    reply: {
+        type: 'xml',
+    },
+};

src/endpoint/iam/ops/iam_list_attached_user_policies.js

@@ -0,0 +1,49 @@
+/* Copyright (C) 2024 NooBaa */
+'use strict';
+
+const dbg = require('../../../util/debug_module')(__filename);
+const iam_utils = require('../iam_utils');
+const iam_constants = require('../iam_constants');
+const { CONTENT_TYPE_APP_FORM_URLENCODED } = require('../../../util/http_utils');
+
+
+/**
+ * https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAttachedUserPolicies.html
+ */
+async function list_attached_user_policies(req, res) {
+
+    const params = {
+        username: req.body.user_name,
+        marker: req.body.marker,
+        max_items: iam_utils.parse_max_items(req.body.max_items) ?? iam_constants.DEFAULT_MAX_ITEMS,
+        iam_path_prefix: req.body.path_prefix,
+    };
+
+    dbg.log1('To check that we have the user we will run the IAM GET USER', params);
+    iam_utils.validate_params(iam_constants.IAM_ACTIONS.GET_USER, params);
+    await req.account_sdk.get_user(params);
+
+    dbg.log1('IAM LIST ATTACHED USER POLICIES (returns empty list on every request)', params);
+
+    return {
+        ListAttachedUserPoliciesResponse: {
+            ListAttachedUserPoliciesResult: {
+                AttachedPolicies: [],
+                IsTruncated: false,
+            },
+            ResponseMetadata: {
+                RequestId: req.request_id,
+            }
+        },
+    };
+}
+
+module.exports = {
+    handler: list_attached_user_policies,
+    body: {
+        type: CONTENT_TYPE_APP_FORM_URLENCODED,
+    },
+    reply: {
+        type: 'xml',
+    },
+};

src/endpoint/iam/ops/iam_list_entities_for_policy.js

@@ -0,0 +1,38 @@
+/* Copyright (C) 2024 NooBaa */
+'use strict';
+
+const dbg = require('../../../util/debug_module')(__filename);
+const iam_utils = require('../iam_utils');
+const iam_constants = require('../iam_constants');
+const { CONTENT_TYPE_APP_FORM_URLENCODED } = require('../../../util/http_utils');
+
+const IamError = require('../iam_errors').IamError;
+
+/**
+ * https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListEntitiesForPolicy.html
+ */
+async function list_entities_for_policy(req, res) {
+
+    const params = {
+        policy_arn: req.body.policy_arn,
+        marker: req.body.marker,
+        max_items: iam_utils.parse_max_items(req.body.max_items) ?? iam_constants.DEFAULT_MAX_ITEMS,
+        iam_path_prefix: req.body.path_prefix,
+        entity_filter: req.body.entity_filter,
+        policy_filter_usage: req.body.policy_filter_usage,
+    };
+    dbg.log1('IAM LIST ENTITIES FOR POLICY (returns NoSuchEntity on every request)', params);
+    const message_with_details = ` Policy ${params.policy_arn} does not exist or is not attachable`;
+    const { code, http_code, type } = IamError.NoSuchEntity;
+    throw new IamError({ code, message: message_with_details, http_code, type });
+}
+
+module.exports = {
+    handler: list_entities_for_policy,
+    body: {
+        type: CONTENT_TYPE_APP_FORM_URLENCODED,
+    },
+    reply: {
+        type: 'xml',
+    },
+};

src/endpoint/iam/ops/iam_list_group_policies.js

@@ -0,0 +1,43 @@
+/* Copyright (C) 2024 NooBaa */
+'use strict';
+
+const dbg = require('../../../util/debug_module')(__filename);
+const iam_utils = require('../iam_utils');
+const iam_constants = require('../iam_constants');
+const { CONTENT_TYPE_APP_FORM_URLENCODED } = require('../../../util/http_utils');
+
+/**
+ * https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListGroupPolicies.html
+ */
+async function list_groups_policies(req, res) {
+
+    const params = {
+        group_name: req.body.group_name,
+        marker: req.body.marker,
+        max_items: iam_utils.parse_max_items(req.body.max_items) ?? iam_constants.DEFAULT_MAX_ITEMS,
+    };
+
+    dbg.log1('IAM LIST GROUP POLICIES (returns empty list on every request)', params);
+
+    return {
+        ListGroupPoliciesResponse: {
+            ListGroupPoliciesResult: {
+                PolicyNames: [],
+                IsTruncated: false,
+            },
+            ResponseMetadata: {
+                RequestId: req.request_id,
+            }
+        },
+    };
+}
+
+module.exports = {
+    handler: list_groups_policies,
+    body: {
+        type: CONTENT_TYPE_APP_FORM_URLENCODED,
+    },
+    reply: {
+        type: 'xml',
+    },
+};