IAM | Remove Unneeded system_store Calls - Part 1

[shirady]

Describe the Problem

Currently, there are many calls to system_store in functions related to IAM.

Explain the Changes

1. Reduce the calls to system_store, mainly where it was to get the requesting_account in the file accountspace_nb.js.

Issues:

1. List of GAPs:

• I think we need to move the create_user inside the account_server so we would have the req.account access and keep this file with small functionality.
• Planned to work on the files: account_server and account_utils as well.
• There is code duplication that I found; probably we can reduce more in the future.

Testing Instructions:

I rerun the API tests to make sure it doesn't break.

Automatic test

Containerized

1. Use the guide "Run Tests From coretest Locally" (link) for running the core tests.
2. Run first tab: docker run -p 5432:5432 -e POSTGRESQL_ADMIN_PASSWORD=noobaa quay.io/sclorg/postgresql-15-c9s
3. Run second tab: NOOBAA_LOG_LEVEL=all ./node_modules/.bin/mocha src/test/integration_tests/api/iam/test_iam_basic_integration.js

• Doc added/updated
• Tests added

Summary by CodeRabbit

• Refactor
  • Simplified internal account handling and streamlined RPC parameter passing. Ownership and resource resolution logic consolidated internally.
  • No changes to public APIs, method names, signatures, or visible user functionality.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Replaced system_store lookups with direct use of account_sdk.requesting_account in AccountSpaceNB user, access-key, tag, and policy methods; removed passing requesting_account to RPC calls (RPCs now accept only a params object) and switched ownership wrapping to requesting_account._id.

Changes

Cohort / File(s)

Summary

AccountSpaceNB user/access-key/tag/policy updates src/sdk/accountspace_nb.js

Replaced system_store.get_account_by_email(...) with account_sdk.requesting_account across user (create/get/update/delete/list), access-key, tag (tag/untag/list), and policy (put/get/delete/list user policies) methods; removed passing requesting_account to RPC client calls so RPCs receive only the params object; changed account ownership wrapping to use requesting_account._id; minor comment/header formatting adjustments.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• Verify all RPC call sites were updated to remove the extra requesting_account argument.
• Confirm requesting_account._id is used consistently and types are handled (non-string IDs).
• Check user creation path for removal of default_resource handling and correct owner assignment.

Possibly related PRs

• IAM | Use the account server flow #9289 — similar modifications to src/sdk/accountspace_nb.js shifting IAM/account flows to RPCs and changing requesting_account usage.
• IAM | Change bucket owner for IAM user to account and more #9268 — overlapping changes in src/sdk/accountspace_nb.js converting ownership to _id and removing requesting_account RPC parameters.
• IAM | User Inline Policy Implementation #9270 — related updates to user and policy methods in src/sdk/accountspace_nb.js affecting RPC signatures.

Suggested labels

size/M

Suggested reviewers

• aayushchouhan09
• naveenpaul1

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'IAM | Remove Unneeded system_store Calls - Part 1' accurately describes the main change: removing unnecessary system_store calls from IAM-related code in accountspace_nb.js, making it specific and directly relevant to the changeset.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

src/sdk/accountspace_nb.js (1)

36-62: Bug risk: default_resource.name no longer valid after removing system_store lookup

Now that requesting_account comes directly from account_sdk.requesting_account (the RPC-serialized account), requesting_account.default_resource is already a string (pool name) rather than a pool object. Using .name here will yield undefined and either break CreateUser or cause the server to fall back to an unintended default pool.

Consider updating the request construction to pass the name directly:

-        const req = {
-                name: account_name,
-                email: account_name,
-                has_login: false,
-                s3_access: true,
-                allow_bucket_creation: true,
-                owner: requesting_account._id.toString(),
-                iam_path: params.iam_path,
-                roles: ['admin'],
-                // TODO: default_resource remove
-                default_resource: requesting_account.default_resource.name,
-            };
+        const req = {
+            name: account_name,
+            email: account_name,
+            has_login: false,
+            s3_access: true,
+            allow_bucket_creation: true,
+            owner: requesting_account._id.toString(),
+            iam_path: params.iam_path,
+            roles: ['admin'],
+            // `requesting_account.default_resource` is already the pool name from RPC serialization
+            default_resource: requesting_account.default_resource,
+        };

This keeps the behavior consistent with what create_account expects (default_resource as a pool name string) while still avoiding any direct system_store lookup.

🧹 Nitpick comments (2)

src/util/account_util.js (1)

324-332: Returning the account object here is correct and useful

The added return account; keeps existing error semantics while allowing callers (e.g., in account_server.js) to avoid a second system_store lookup. The implementation here looks good.

You may optionally update validate_and_return_requested_account() to use the returned value instead of calling system_store.get_account_by_email() again to reduce duplication and race surface.

src/server/system_services/account_server.js (1)

1227-1281: Centralizing IAM user lookup via _check_if_account_exists looks correct

The refactor in:

• update_user (Lines 1227–1264),
• delete_user (Lines 1268–1281),
• tag_user (Lines 1422–1460),
• untag_user (Lines 1462–1487), and
• list_user_tags (Lines 1489–1515)

to use account_util._check_if_account_exists() and consume its returned requested_account is structurally sound. It:

• Removes duplicate system_store.get_account_by_email() logic,
• Standardizes the “no such entity” error path and messaging, and
• Keeps all ownership and root/IAM distinctions enforced by the existing helper checks.

As a follow-up, you could consider whether some of these flows (especially where you recompute the same email_wrapped and run the same root/ownership checks) could reuse validate_and_return_requested_account() to further reduce repetition, but functionally this change is good.

Also applies to: 1422-1515

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 89f64d8 and 9d097bd.

📒 Files selected for processing (3)

• src/sdk/accountspace_nb.js (4 hunks)
• src/server/system_services/account_server.js (5 hunks)
• src/util/account_util.js (1 hunks)

🧰 Additional context used

🧠 Learnings (5)

📓 Common learnings

Learnt from: naveenpaul1
Repo: noobaa/noobaa-core PR: 9182
File: src/upgrade/upgrade_scripts/5.20.0/remove_mongo_pool.js:9-17
Timestamp: 2025-08-08T13:12:46.728Z
Learning: In upgrade script src/upgrade/upgrade_scripts/5.20.0/remove_mongo_pool.js for noobaa-core, rely on structural detection (e.g., pool.mongo_info, and resource_type === 'INTERNAL') with name-prefix fallback for removing legacy mongo/internal pools, instead of depending solely on config.INTERNAL_STORAGE_POOL_NAME or config.DEFAULT_POOL_NAME. Handle multi-system stores and remove all matching pools in one change.

Learnt from: shirady
Repo: noobaa/noobaa-core PR: 9291
File: src/server/common_services/auth_server.js:548-554
Timestamp: 2025-11-19T15:03:42.260Z
Learning: In src/server/common_services/auth_server.js, account objects are loaded directly from system_store (e.g., system_store.data.get_by_id()), so account.owner is an object ID reference with an ._id property, not a string. This differs from s3_rest.js where account.owner is a string due to RPC serialization.

📚 Learning: 2025-11-19T15:03:42.260Z

Learnt from: shirady
Repo: noobaa/noobaa-core PR: 9291
File: src/server/common_services/auth_server.js:548-554
Timestamp: 2025-11-19T15:03:42.260Z
Learning: In src/server/common_services/auth_server.js, account objects are loaded directly from system_store (e.g., system_store.data.get_by_id()), so account.owner is an object ID reference with an ._id property, not a string. This differs from s3_rest.js where account.owner is a string due to RPC serialization.

Applied to files:

• src/util/account_util.js
• src/sdk/accountspace_nb.js
• src/server/system_services/account_server.js

📚 Learning: 2025-11-13T07:56:23.620Z

Learnt from: shirady
Repo: noobaa/noobaa-core PR: 9281
File: src/server/system_services/account_server.js:1053-1058
Timestamp: 2025-11-13T07:56:23.620Z
Learning: In noobaa-core, account_server.js is only used in containerized deployments, not in NSFS/NC deployments. NSFS/NC deployments have separate account management code in src/manage_nsfs/ directory. Therefore, account_server.js only processes accounts from account_schema.js where owner is an objectid reference, never from nsfs_account_schema.js where owner is a string.

Applied to files:

• src/util/account_util.js
• src/sdk/accountspace_nb.js
• src/server/system_services/account_server.js

📚 Learning: 2025-11-12T04:55:42.193Z

Learnt from: naveenpaul1
Repo: noobaa/noobaa-core PR: 9277
File: src/endpoint/s3/s3_rest.js:258-261
Timestamp: 2025-11-12T04:55:42.193Z
Learning: In the context of S3 REST requests (src/endpoint/s3/s3_rest.js), the account.owner field from req.object_sdk.requesting_account is already a string (account ID) because it comes from RPC serialization where owner._id.toString() is applied in account_server.js. No additional .toString() or ._id extraction is needed when passing account.owner to IAM utility functions.

Applied to files:

• src/sdk/accountspace_nb.js
• src/server/system_services/account_server.js

📚 Learning: 2025-12-01T13:35:12.469Z

Learnt from: shirady
Repo: noobaa/noobaa-core PR: 9327
File: src/endpoint/iam/ops/iam_get_user.js:32-32
Timestamp: 2025-12-01T13:35:12.469Z
Learning: In AWS IAM GetUser API responses, the Tags field is omitted entirely when a user has no tags. The field only appears in the response after a user has been tagged, and disappears again when all tags are removed. This differs from some AWS APIs that return empty arrays for absent collections.

Applied to files:

• src/server/system_services/account_server.js

🧬 Code graph analysis (1)

src/sdk/accountspace_nb.js (1)

src/server/system_services/account_server.js (19)

• requesting_account (1208-1208)
• requesting_account (1228-1228)
• requesting_account (1269-1269)
• requesting_account (1285-1285)
• requesting_account (1313-1313)
• requesting_account (1344-1344)
• requesting_account (1357-1357)
• requesting_account (1385-1385)
• requesting_account (1402-1402)
• requesting_account (1423-1423)
• requesting_account (1464-1464)
• requesting_account (1491-1491)
• requesting_account (1519-1519)
• requesting_account (1548-1548)
• requesting_account (1562-1562)
• requesting_account (1581-1581)
• params (328-328)
• params (691-691)
• params (955-955)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: run-jest-unit-tests
• GitHub Check: run-package-lock-validation
• GitHub Check: Build Noobaa Image

🔇 Additional comments (1)

src/sdk/accountspace_nb.js (1)

64-161: Consistent use of account_sdk.requesting_account looks good; verify call contracts

The rest of the methods now consistently derive requesting_account from account_sdk.requesting_account and pass it into the corresponding RPC calls. That aligns with the PR goal of avoiding extra system_store lookups.

Please double-check that:

• account_sdk.requesting_account is always populated with the same logical account as req.account on the server side for these IAM flows, and
• The second argument to rpc_client.account.* is still treated as an options/context object and not relied on for anything now removed from system_store.

End-to-end IAM integration tests (especially around user management and access key APIs) should catch any remaining mismatches.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5f59a40 and c8167ee.

📒 Files selected for processing (1)

• src/sdk/accountspace_nb.js (4 hunks)

🧰 Additional context used

🧠 Learnings (4)

📓 Common learnings

Learnt from: naveenpaul1
Repo: noobaa/noobaa-core PR: 9182
File: src/upgrade/upgrade_scripts/5.20.0/remove_mongo_pool.js:9-17
Timestamp: 2025-08-08T13:12:46.728Z
Learning: In upgrade script src/upgrade/upgrade_scripts/5.20.0/remove_mongo_pool.js for noobaa-core, rely on structural detection (e.g., pool.mongo_info, and resource_type === 'INTERNAL') with name-prefix fallback for removing legacy mongo/internal pools, instead of depending solely on config.INTERNAL_STORAGE_POOL_NAME or config.DEFAULT_POOL_NAME. Handle multi-system stores and remove all matching pools in one change.

Learnt from: shirady
Repo: noobaa/noobaa-core PR: 9291
File: src/server/common_services/auth_server.js:548-554
Timestamp: 2025-11-19T15:03:42.260Z
Learning: In src/server/common_services/auth_server.js, account objects are loaded directly from system_store (e.g., system_store.data.get_by_id()), so account.owner is an object ID reference with an ._id property, not a string. This differs from s3_rest.js where account.owner is a string due to RPC serialization.

📚 Learning: 2025-11-19T15:03:42.260Z

Learnt from: shirady
Repo: noobaa/noobaa-core PR: 9291
File: src/server/common_services/auth_server.js:548-554
Timestamp: 2025-11-19T15:03:42.260Z
Learning: In src/server/common_services/auth_server.js, account objects are loaded directly from system_store (e.g., system_store.data.get_by_id()), so account.owner is an object ID reference with an ._id property, not a string. This differs from s3_rest.js where account.owner is a string due to RPC serialization.

Applied to files:

• src/sdk/accountspace_nb.js

📚 Learning: 2025-11-13T07:56:23.620Z

Learnt from: shirady
Repo: noobaa/noobaa-core PR: 9281
File: src/server/system_services/account_server.js:1053-1058
Timestamp: 2025-11-13T07:56:23.620Z
Learning: In noobaa-core, account_server.js is only used in containerized deployments, not in NSFS/NC deployments. NSFS/NC deployments have separate account management code in src/manage_nsfs/ directory. Therefore, account_server.js only processes accounts from account_schema.js where owner is an objectid reference, never from nsfs_account_schema.js where owner is a string.

Applied to files:

• src/sdk/accountspace_nb.js

📚 Learning: 2025-11-12T04:55:42.193Z

Learnt from: naveenpaul1
Repo: noobaa/noobaa-core PR: 9277
File: src/endpoint/s3/s3_rest.js:258-261
Timestamp: 2025-11-12T04:55:42.193Z
Learning: In the context of S3 REST requests (src/endpoint/s3/s3_rest.js), the account.owner field from req.object_sdk.requesting_account is already a string (account ID) because it comes from RPC serialization where owner._id.toString() is applied in account_server.js. No additional .toString() or ._id extraction is needed when passing account.owner to IAM utility functions.

Applied to files:

• src/sdk/accountspace_nb.js

🧬 Code graph analysis (1)

src/sdk/accountspace_nb.js (2)

src/server/system_services/account_server.js (27)

• requesting_account (1208-1208)
• requesting_account (1230-1230)
• requesting_account (1279-1279)
• requesting_account (1296-1296)
• requesting_account (1324-1324)
• requesting_account (1355-1355)
• requesting_account (1368-1368)
• requesting_account (1396-1396)
• requesting_account (1413-1413)
• requesting_account (1434-1434)
• requesting_account (1476-1476)
• requesting_account (1505-1505)
• requesting_account (1527-1527)
• requesting_account (1556-1556)
• requesting_account (1570-1570)
• requesting_account (1589-1589)
• account_email_wrapped (1280-1280)
• account_email_wrapped (1435-1435)
• account_email_wrapped (1477-1477)
• account_email_wrapped (1506-1506)
• account_util (25-25)
• account_util (53-53)
• params (328-328)
• params (691-691)
• params (955-955)
• req (134-134)
• req (396-396)

src/util/account_util.js (1)

• req (680-680)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: Build Noobaa Image
• GitHub Check: run-jest-unit-tests

🔇 Additional comments (2)

src/sdk/accountspace_nb.js (2)

40-41: Clarify the deployment context scope for this verification.

The concern about default_resource availability across "all deployment contexts" may be misdirected. According to account management architecture, NSFS/NC deployments use separate account code in src/manage_nsfs/, while accountspace_nb.js is part of the containerized SDK layer. Verify that default_resource is present in the containerized account schema that populates requesting_account objects, which is the only context relevant for this file.

---

56-56: Verify RPC method signatures accept params without explicit requesting_account.

All RPC method calls (get_user, update_user, delete_user, list_users, create_access_key, get_access_key_last_used, update_access_key, delete_access_key, list_access_keys, tag_user, untag_user, list_user_tags, put_user_policy, get_user_policy, delete_user_policy, list_user_policies) now pass only params without an explicit requesting_account parameter.

Ensure that all these RPC methods in account_server.js have been updated to infer requesting_account from the RPC context (req.account) and that the RPC method signatures no longer require an explicit requesting_account parameter.

Also applies to: 60-60, 66-66, 72-72, 81-81, 85-85, 89-89, 94-94, 99-99, 107-107, 111-111, 115-115, 123-123, 127-127, 131-131, 135-135

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

src/sdk/accountspace_nb.js (1)

18-22: Constructor fields appear unused; consider cleanup in a follow-up.

this.rpc_client, this.internal_rpc_client, and this.stats are no longer used anywhere in AccountSpaceNB now that all calls go through account_sdk.rpc_client. If nothing else in the codebase depends on these properties being present, you could simplify the constructor signature and remove these assignments in a follow-up to reduce noise.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c8167ee and ebf5f67.

📒 Files selected for processing (1)

• src/sdk/accountspace_nb.js (3 hunks)

🧰 Additional context used

🧠 Learnings (5)

📓 Common learnings

Learnt from: naveenpaul1
Repo: noobaa/noobaa-core PR: 9182
File: src/upgrade/upgrade_scripts/5.20.0/remove_mongo_pool.js:9-17
Timestamp: 2025-08-08T13:12:46.728Z
Learning: In upgrade script src/upgrade/upgrade_scripts/5.20.0/remove_mongo_pool.js for noobaa-core, rely on structural detection (e.g., pool.mongo_info, and resource_type === 'INTERNAL') with name-prefix fallback for removing legacy mongo/internal pools, instead of depending solely on config.INTERNAL_STORAGE_POOL_NAME or config.DEFAULT_POOL_NAME. Handle multi-system stores and remove all matching pools in one change.

Learnt from: shirady
Repo: noobaa/noobaa-core PR: 9291
File: src/server/common_services/auth_server.js:548-554
Timestamp: 2025-11-19T15:03:42.260Z
Learning: In src/server/common_services/auth_server.js, account objects are loaded directly from system_store (e.g., system_store.data.get_by_id()), so account.owner is an object ID reference with an ._id property, not a string. This differs from s3_rest.js where account.owner is a string due to RPC serialization.

Learnt from: naveenpaul1
Repo: noobaa/noobaa-core PR: 9277
File: src/endpoint/s3/s3_rest.js:258-261
Timestamp: 2025-11-12T04:55:42.193Z
Learning: In the context of S3 REST requests (src/endpoint/s3/s3_rest.js), the account.owner field from req.object_sdk.requesting_account is already a string (account ID) because it comes from RPC serialization where owner._id.toString() is applied in account_server.js. No additional .toString() or ._id extraction is needed when passing account.owner to IAM utility functions.

📚 Learning: 2025-11-19T15:03:42.260Z

Learnt from: shirady
Repo: noobaa/noobaa-core PR: 9291
File: src/server/common_services/auth_server.js:548-554
Timestamp: 2025-11-19T15:03:42.260Z
Learning: In src/server/common_services/auth_server.js, account objects are loaded directly from system_store (e.g., system_store.data.get_by_id()), so account.owner is an object ID reference with an ._id property, not a string. This differs from s3_rest.js where account.owner is a string due to RPC serialization.

Applied to files:

• src/sdk/accountspace_nb.js

📚 Learning: 2025-11-13T07:56:23.620Z

Learnt from: shirady
Repo: noobaa/noobaa-core PR: 9281
File: src/server/system_services/account_server.js:1053-1058
Timestamp: 2025-11-13T07:56:23.620Z
Learning: In noobaa-core, account_server.js is only used in containerized deployments, not in NSFS/NC deployments. NSFS/NC deployments have separate account management code in src/manage_nsfs/ directory. Therefore, account_server.js only processes accounts from account_schema.js where owner is an objectid reference, never from nsfs_account_schema.js where owner is a string.

Applied to files:

• src/sdk/accountspace_nb.js

📚 Learning: 2025-11-12T04:55:42.193Z

Learnt from: naveenpaul1
Repo: noobaa/noobaa-core PR: 9277
File: src/endpoint/s3/s3_rest.js:258-261
Timestamp: 2025-11-12T04:55:42.193Z
Learning: In the context of S3 REST requests (src/endpoint/s3/s3_rest.js), the account.owner field from req.object_sdk.requesting_account is already a string (account ID) because it comes from RPC serialization where owner._id.toString() is applied in account_server.js. No additional .toString() or ._id extraction is needed when passing account.owner to IAM utility functions.

Applied to files:

• src/sdk/accountspace_nb.js

📚 Learning: 2025-08-08T13:08:38.361Z

Learnt from: naveenpaul1
Repo: noobaa/noobaa-core PR: 9182
File: src/server/system_services/bucket_server.js:1324-1327
Timestamp: 2025-08-08T13:08:38.361Z
Learning: In src/server/system_services/bucket_server.js, the update_all_buckets_default_pool(req) handler expects req.rpc_params.pool_name to be a plain string (not a SensitiveString wrapper), so calling .unwrap() is not needed there.

Applied to files:

• src/sdk/accountspace_nb.js

🧬 Code graph analysis (1)

src/sdk/accountspace_nb.js (2)

src/server/system_services/account_server.js (27)

• params (328-328)
• params (691-691)
• params (955-955)
• requesting_account (1208-1208)
• requesting_account (1230-1230)
• requesting_account (1279-1279)
• requesting_account (1296-1296)
• requesting_account (1324-1324)
• requesting_account (1355-1355)
• requesting_account (1368-1368)
• requesting_account (1396-1396)
• requesting_account (1413-1413)
• requesting_account (1434-1434)
• requesting_account (1476-1476)
• requesting_account (1505-1505)
• requesting_account (1527-1527)
• requesting_account (1556-1556)
• requesting_account (1570-1570)
• requesting_account (1589-1589)
• account_email_wrapped (1280-1280)
• account_email_wrapped (1435-1435)
• account_email_wrapped (1477-1477)
• account_email_wrapped (1506-1506)
• account_util (25-25)
• account_util (53-53)
• req (134-134)
• req (396-396)

src/util/account_util.js (1)

• req (680-680)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: Build Noobaa Image
• GitHub Check: run-jest-unit-tests

🔇 Additional comments (2)

src/sdk/accountspace_nb.js (2)

55-136: RPC delegations via account_sdk.rpc_client.account.* look consistent.

get_user, update_user, delete_user, list_users, and all access-key/tag/policy methods now delegate directly to account_sdk.rpc_client.account.*(params), which keeps signatures simple and removes the extra requesting_account plumbing. This looks consistent across all methods and should preserve behavior as long as the server-side handlers rely on req.account rather than explicit parameters.

---

28-43: No changes needed. The code correctly uses requesting_account._id without .toString() because in the containerized deployment context (where accountspace_nb operates via account_sdk), the account object is loaded from system_store where owner is an ObjectId reference with an ._id property. The RPC serialization (which converts IDs to strings) occurs during the account_sdk.rpc_client.account.create_user(req) call, not before it. This differs from S3 REST flows where accounts come pre-serialized from RPC, but both patterns are correct for their respective contexts.

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (2)

src/sdk/accountspace_nb.js (2)

78-98: User access key methods: consistent RPC forwarding.

These access key methods now cleanly proxy to account_sdk.rpc_client.account.* with just params, matching the updated pattern from the user methods. This looks consistent and correct; any redundant return await patterns here can be simplified the same way as above if you prefer.

---

104-114: User tag methods: straightforward delegation.

tag_user, untag_user, and list_user_tags now simply delegate to the account RPC client with no extra context, which is consistent with the rest of this class and the goal of removing system_store lookups. No functional issues spotted.

🧹 Nitpick comments (2)

src/sdk/accountspace_nb.js (2)

28-51: create_user: requesting_account usage and owner/id wiring look correct.

Using account_sdk.requesting_account instead of re‑querying system_store is appropriate here; _id is already a string in this context, so passing requesting_account._id into get_account_email_from_username and into owner is correct without .toString(). The response mapping also looks consistent with the returned iam_account fields.

If you want to tighten this further, you could:

• Use iam_account.iam_path from the RPC response instead of recomputing params.iam_path || IAM_DEFAULT_PATH, so the returned value always reflects the server’s source of truth.
• Optionally default iam_path in req itself (e.g., iam_path: params.iam_path || IAM_DEFAULT_PATH) to keep request/response aligned.

Based on learnings, requesting_account._id is already a string in this file.

---

53-71: User methods: pass‑through RPC calls look correct (minor async nit).

Forwarding params directly to account_sdk.rpc_client.account.* and dropping the extra requesting_account argument aligns with obtaining the caller context from the RPC layer instead of system_store.

The only minor style nit is the redundant await in return await ... — you could simplify to return account_sdk.rpc_client.account.get_user(params); (and similarly for update_user, delete_user, list_users) if you don’t rely on the extra stack frame.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 88827be and 977d2da.

📒 Files selected for processing (1)

• src/sdk/accountspace_nb.js (3 hunks)

🧰 Additional context used

🧠 Learnings (8)

📓 Common learnings

Learnt from: shirady
Repo: noobaa/noobaa-core PR: 9330
File: src/sdk/accountspace_nb.js:30-30
Timestamp: 2025-12-04T10:55:08.638Z
Learning: In src/sdk/accountspace_nb.js, account_sdk.requesting_account comes from RPC serialization, so requesting_account._id is already a string (not an ObjectId). This differs from system_store.get_account_by_email() which returns accounts with ObjectId._id references. Therefore, no .toString() conversion is needed when using account_sdk.requesting_account._id in accountspace_nb.js.

Learnt from: shirady
Repo: noobaa/noobaa-core PR: 9291
File: src/server/common_services/auth_server.js:548-554
Timestamp: 2025-11-19T15:03:42.260Z
Learning: In src/server/common_services/auth_server.js, account objects are loaded directly from system_store (e.g., system_store.data.get_by_id()), so account.owner is an object ID reference with an ._id property, not a string. This differs from s3_rest.js where account.owner is a string due to RPC serialization.

Learnt from: naveenpaul1
Repo: noobaa/noobaa-core PR: 9277
File: src/endpoint/s3/s3_rest.js:258-261
Timestamp: 2025-11-12T04:55:42.193Z
Learning: In the context of S3 REST requests (src/endpoint/s3/s3_rest.js), the account.owner field from req.object_sdk.requesting_account is already a string (account ID) because it comes from RPC serialization where owner._id.toString() is applied in account_server.js. No additional .toString() or ._id extraction is needed when passing account.owner to IAM utility functions.

📚 Learning: 2025-12-04T10:55:08.638Z

Learnt from: shirady
Repo: noobaa/noobaa-core PR: 9330
File: src/sdk/accountspace_nb.js:30-30
Timestamp: 2025-12-04T10:55:08.638Z
Learning: In src/sdk/accountspace_nb.js, account_sdk.requesting_account comes from RPC serialization, so requesting_account._id is already a string (not an ObjectId). This differs from system_store.get_account_by_email() which returns accounts with ObjectId._id references. Therefore, no .toString() conversion is needed when using account_sdk.requesting_account._id in accountspace_nb.js.

Applied to files:

• src/sdk/accountspace_nb.js

📚 Learning: 2025-11-19T15:03:42.260Z

Learnt from: shirady
Repo: noobaa/noobaa-core PR: 9291
File: src/server/common_services/auth_server.js:548-554
Timestamp: 2025-11-19T15:03:42.260Z
Learning: In src/server/common_services/auth_server.js, account objects are loaded directly from system_store (e.g., system_store.data.get_by_id()), so account.owner is an object ID reference with an ._id property, not a string. This differs from s3_rest.js where account.owner is a string due to RPC serialization.

Applied to files:

• src/sdk/accountspace_nb.js

📚 Learning: 2025-11-13T07:56:23.620Z

Learnt from: shirady
Repo: noobaa/noobaa-core PR: 9281
File: src/server/system_services/account_server.js:1053-1058
Timestamp: 2025-11-13T07:56:23.620Z
Learning: In noobaa-core, account_server.js is only used in containerized deployments, not in NSFS/NC deployments. NSFS/NC deployments have separate account management code in src/manage_nsfs/ directory. Therefore, account_server.js only processes accounts from account_schema.js where owner is an objectid reference, never from nsfs_account_schema.js where owner is a string.

Applied to files:

• src/sdk/accountspace_nb.js

📚 Learning: 2025-11-12T04:55:42.193Z

Learnt from: naveenpaul1
Repo: noobaa/noobaa-core PR: 9277
File: src/endpoint/s3/s3_rest.js:258-261
Timestamp: 2025-11-12T04:55:42.193Z
Learning: In the context of S3 REST requests (src/endpoint/s3/s3_rest.js), the account.owner field from req.object_sdk.requesting_account is already a string (account ID) because it comes from RPC serialization where owner._id.toString() is applied in account_server.js. No additional .toString() or ._id extraction is needed when passing account.owner to IAM utility functions.

Applied to files:

• src/sdk/accountspace_nb.js

📚 Learning: 2025-08-08T13:08:38.361Z

Learnt from: naveenpaul1
Repo: noobaa/noobaa-core PR: 9182
File: src/server/system_services/bucket_server.js:1324-1327
Timestamp: 2025-08-08T13:08:38.361Z
Learning: In src/server/system_services/bucket_server.js, the update_all_buckets_default_pool(req) handler expects req.rpc_params.pool_name to be a plain string (not a SensitiveString wrapper), so calling .unwrap() is not needed there.

Applied to files:

• src/sdk/accountspace_nb.js

📚 Learning: 2025-08-08T13:12:46.728Z

Learnt from: naveenpaul1
Repo: noobaa/noobaa-core PR: 9182
File: src/upgrade/upgrade_scripts/5.20.0/remove_mongo_pool.js:9-17
Timestamp: 2025-08-08T13:12:46.728Z
Learning: In upgrade script src/upgrade/upgrade_scripts/5.20.0/remove_mongo_pool.js for noobaa-core, rely on structural detection (e.g., pool.mongo_info, and resource_type === 'INTERNAL') with name-prefix fallback for removing legacy mongo/internal pools, instead of depending solely on config.INTERNAL_STORAGE_POOL_NAME or config.DEFAULT_POOL_NAME. Handle multi-system stores and remove all matching pools in one change.

Applied to files:

• src/sdk/accountspace_nb.js

📚 Learning: 2025-11-18T07:00:17.653Z

Learnt from: naveenpaul1
Repo: noobaa/noobaa-core PR: 9277
File: src/endpoint/s3/s3_bucket_policy_utils.js:357-368
Timestamp: 2025-11-18T07:00:17.653Z
Learning: In NooBaa codebase, account.name is always a SensitiveString instance, so calling account.name.unwrap() is safe without defensive type checks in functions like get_bucket_policy_principal_arn in src/endpoint/s3/s3_bucket_policy_utils.js.

Applied to files:

• src/sdk/accountspace_nb.js

🧬 Code graph analysis (1)

src/sdk/accountspace_nb.js (2)

src/server/system_services/account_server.js (27)

• params (328-328)
• params (691-691)
• params (955-955)
• requesting_account (1208-1208)
• requesting_account (1230-1230)
• requesting_account (1279-1279)
• requesting_account (1296-1296)
• requesting_account (1324-1324)
• requesting_account (1355-1355)
• requesting_account (1368-1368)
• requesting_account (1396-1396)
• requesting_account (1413-1413)
• requesting_account (1434-1434)
• requesting_account (1476-1476)
• requesting_account (1505-1505)
• requesting_account (1527-1527)
• requesting_account (1556-1556)
• requesting_account (1570-1570)
• requesting_account (1589-1589)
• account_email_wrapped (1280-1280)
• account_email_wrapped (1435-1435)
• account_email_wrapped (1477-1477)
• account_email_wrapped (1506-1506)
• account_util (25-25)
• account_util (53-53)
• req (134-134)
• req (396-396)

src/util/account_util.js (1)

• req (680-680)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: Build Noobaa Image
• GitHub Check: run-package-lock-validation
• GitHub Check: run-jest-unit-tests

🔇 Additional comments (2)

src/sdk/accountspace_nb.js (2)

24-26: Section renames improve clarity.

Renaming the section headers from generic “ACCOUNT” to “USER …”/“USER ACCESS KEY …”/“USER TAGS …”/“POLICY METHODS” better reflects the IAM semantics and is consistent. No issues here.

Also applies to: 74-76, 100-102, 116-118

---

120-134: User policy methods: delegation pattern matches the rest.

Policy-related methods (put_user_policy, get_user_policy, delete_user_policy, list_user_policies) follow the same simplified delegation approach as the user and access‑key methods. Assuming the RPC signatures were updated to no longer expect a requesting_account argument, this is correct and consistent.

You may want to confirm RPC signatures once across the codebase to ensure no remaining callers still pass requesting_account, but this file’s usage is coherent with the described change.