nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-06-30 07:36:14 -05:00
Code Activity

[SM-465] Add access policy on service account creation (#2649)

Browse Source 
* Add access policy on service account creation
This commit is contained in:
Thomas Avery
2023-02-02 12:25:14 -06:00
committed by GitHub
parent 6390aaa011
commit 0ce95ec147
12 changed files with 101 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
test/Api.IntegrationTest/SecretsManager/Controllers/AccessPoliciesControllerTest.cs
View File

@ -129,6 +129,26 @@ public class AccessPoliciesControllerTest : IClassFixture<ApiApplicationFactory>
Assert.Null(test);
}
[Fact]
public async Task GetProjectAccessPolicies_ReturnsEmpty()
{
var initialProject = await _projectRepository.CreateAsync(new Project
{
OrganizationId = _organization.Id,
Name = _mockEncryptedString,
});
var response = await _client.GetAsync($"/projects/{initialProject.Id}/access-policies");
response.EnsureSuccessStatusCode();
var result = await response.Content.ReadFromJsonAsync<ProjectAccessPoliciesResponseModel>();
Assert.NotNull(result);
Assert.Empty(result!.UserAccessPolicies);
Assert.Empty(result!.GroupAccessPolicies);
Assert.Empty(result!.ServiceAccountAccessPolicies);
}
[Fact]
public async Task GetProjectAccessPolicies()
{

9
test/Api.IntegrationTest/SecretsManager/Controllers/ServiceAccountsControllerTests.cs
View File

@ -153,6 +153,15 @@ public class ServiceAccountsControllerTest : IClassFixture<ApiApplicationFactory
Assert.Equal(request.Name, createdServiceAccount.Name);
AssertHelper.AssertRecent(createdServiceAccount.RevisionDate);
AssertHelper.AssertRecent(createdServiceAccount.CreationDate);
// Check permissions have been bootstrapped.
var accessPolicies = await _accessPolicyRepository.GetManyByGrantedServiceAccountIdAsync(createdServiceAccount.Id);
Assert.NotNull(accessPolicies);
var ap = accessPolicies!.First();
Assert.True(ap.Read);
Assert.True(ap.Write);
AssertHelper.AssertRecent(ap.CreationDate);
AssertHelper.AssertRecent(ap.RevisionDate);
}
[Theory]

6
test/Api.Test/SecretsManager/Controllers/AccessPoliciesControllerTests.cs
View File

@ -25,7 +25,7 @@ public class AccessPoliciesControllerTests
var result = await sutProvider.Sut.GetProjectAccessPoliciesAsync(id);
await sutProvider.GetDependency<IAccessPolicyRepository>().Received(1)
.GetManyByProjectId(Arg.Is(AssertHelper.AssertPropertyEqual(id)));
.GetManyByGrantedProjectIdAsync(Arg.Is(AssertHelper.AssertPropertyEqual(id)));
Assert.Empty(result.GroupAccessPolicies);
Assert.Empty(result.UserAccessPolicies);
@ -37,13 +37,13 @@ public class AccessPoliciesControllerTests
public async void GetAccessPoliciesByProject_Success(SutProvider<AccessPoliciesController> sutProvider, Guid id,
UserProjectAccessPolicy resultAccessPolicy)
{
sutProvider.GetDependency<IAccessPolicyRepository>().GetManyByProjectId(default)
sutProvider.GetDependency<IAccessPolicyRepository>().GetManyByGrantedProjectIdAsync(default)
.ReturnsForAnyArgs(new List<BaseAccessPolicy> { resultAccessPolicy });
var result = await sutProvider.Sut.GetProjectAccessPoliciesAsync(id);
await sutProvider.GetDependency<IAccessPolicyRepository>().Received(1)
.GetManyByProjectId(Arg.Is(AssertHelper.AssertPropertyEqual(id)));
.GetManyByGrantedProjectIdAsync(Arg.Is(AssertHelper.AssertPropertyEqual(id)));
Assert.Empty(result.GroupAccessPolicies);
Assert.NotEmpty(result.UserAccessPolicies);

11
test/Api.Test/SecretsManager/Controllers/ServiceAccountsControllerTests.cs
View File

@ -66,14 +66,15 @@ public class ServiceAccountsControllerTests
[BitAutoData]
public async void CreateServiceAccount_Success(SutProvider<ServiceAccountsController> sutProvider, ServiceAccountCreateRequestModel data, Guid organizationId)
{
sutProvider.GetDependency<IUserService>().GetProperUserId(default).ReturnsForAnyArgs(Guid.NewGuid());
sutProvider.GetDependency<ICurrentContext>().AccessSecretsManager(organizationId).Returns(true);
sutProvider.GetDependency<ICurrentContext>().OrganizationUser(default).ReturnsForAnyArgs(true);
var resultServiceAccount = data.ToServiceAccount(organizationId);
sutProvider.GetDependency<ICreateServiceAccountCommand>().CreateAsync(default).ReturnsForAnyArgs(resultServiceAccount);
sutProvider.GetDependency<ICreateServiceAccountCommand>().CreateAsync(default, default).ReturnsForAnyArgs(resultServiceAccount);
await sutProvider.Sut.CreateAsync(organizationId, data);
await sutProvider.GetDependency<ICreateServiceAccountCommand>().Received(1)
.CreateAsync(Arg.Any<ServiceAccount>());
.CreateAsync(Arg.Any<ServiceAccount>(), Arg.Any<Guid>());
}
[Theory]
@ -82,11 +83,13 @@ public class ServiceAccountsControllerTests
{
sutProvider.GetDependency<ICurrentContext>().OrganizationUser(default).ReturnsForAnyArgs(false);
var resultServiceAccount = data.ToServiceAccount(organizationId);
sutProvider.GetDependency<ICreateServiceAccountCommand>().CreateAsync(default).ReturnsForAnyArgs(resultServiceAccount);
sutProvider.GetDependency<ICreateServiceAccountCommand>().CreateAsync(default, default).ReturnsForAnyArgs(resultServiceAccount);
await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.CreateAsync(organizationId, data));
await sutProvider.GetDependency<ICreateServiceAccountCommand>().DidNotReceiveWithAnyArgs().CreateAsync(Arg.Any<ServiceAccount>());
await sutProvider.GetDependency<ICreateServiceAccountCommand>()
.DidNotReceiveWithAnyArgs()
.CreateAsync(Arg.Any<ServiceAccount>(), Arg.Any<Guid>());
}
[Theory]