
[SM-713] Add database support for secret access policies (#3681)

* mssql add column and migration

* Add secret access policies to EF models and config

* Clear new access policies on service account delete

* Add SM cleanup code on delete

* Fix EF org user bulk delete

* Run EF migrations
Thomas Avery
2024-02-22 10:06:39 -06:00
committed by GitHub
parent 374b59bcfb
commit 1499d1e2c6
20 changed files with 8315 additions and 46 deletions


@ -0,0 +1,14 @@
IF COL_LENGTH('[dbo].[AccessPolicy]', 'GrantedSecretId') IS NULL
BEGIN
ALTER TABLE [dbo].[AccessPolicy] ADD [GrantedSecretId] [uniqueidentifier] NULL
CONSTRAINT [FK_AccessPolicy_Secret_GrantedSecretId] FOREIGN KEY ([GrantedSecretId]) REFERENCES [Secret] ([Id]) ON DELETE CASCADE
END
GO
IF NOT EXISTS(SELECT name
FROM sys.indexes
WHERE name = 'IX_AccessPolicy_GrantedSecretId')
BEGIN
CREATE NONCLUSTERED INDEX [IX_AccessPolicy_GrantedSecretId] ON [dbo].[AccessPolicy] ([GrantedSecretId] ASC);
END
GO
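Review bot: The index existence check at `WHERE name = 'IX_AccessPolicy_GrantedSecretId'` is not scoped to the table, so an index with the same name on any other object would make the script skip creating this one; add `AND object_id = OBJECT_ID('[dbo].[AccessPolicy]')` to the predicate. The foreign key also references `[Secret]` without a schema while the rest of the script writes `[dbo].[...]`; `REFERENCES [dbo].[Secret] ([Id])` keeps name resolution independent of the executing user's default schema. Because the constraint is created inline in the same guarded `ALTER TABLE`, a database that already has the column but not the constraint would be left without it, so a separate existence check for `FK_AccessPolicy_Secret_GrantedSecretId` may be worth adding.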

File diff suppressed because it is too large Load Diff


@ -0,0 +1,49 @@
using Microsoft.EntityFrameworkCore.Migrations;
#nullable disable
namespace Bit.MySqlMigrations.Migrations;
/// <inheritdoc />
public partial class AddSecretAccessPolicies : Migration
{
/// <inheritdoc />
protected override void Up(MigrationBuilder migrationBuilder)
{
migrationBuilder.AddColumn<Guid>(
name: "GrantedSecretId",
table: "AccessPolicy",
type: "char(36)",
nullable: true,
collation: "ascii_general_ci");
migrationBuilder.CreateIndex(
name: "IX_AccessPolicy_GrantedSecretId",
table: "AccessPolicy",
column: "GrantedSecretId");
migrationBuilder.AddForeignKey(
name: "FK_AccessPolicy_Secret_GrantedSecretId",
table: "AccessPolicy",
column: "GrantedSecretId",
principalTable: "Secret",
principalColumn: "Id",
onDelete: ReferentialAction.Cascade);
}
/// <inheritdoc />
protected override void Down(MigrationBuilder migrationBuilder)
{
migrationBuilder.DropForeignKey(
name: "FK_AccessPolicy_Secret_GrantedSecretId",
table: "AccessPolicy");
migrationBuilder.DropIndex(
name: "IX_AccessPolicy_GrantedSecretId",
table: "AccessPolicy");
migrationBuilder.DropColumn(
name: "GrantedSecretId",
table: "AccessPolicy");
}
}
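Review bot: Nothing in `Up` constrains how the new nullable `GrantedSecretId` combines with the table's other grant-target columns (`GrantedProjectId` is visible in the model snapshot), so as far as the database is concerned one `AccessPolicy` row could name both a project and a secret, or carry a `*_secret` discriminator with a null secret. For a table that decides who can read secrets it would be safer to have the database reject such rows, for example with a `migrationBuilder.AddCheckConstraint(...)` call after the foreign key that allows at most one grant-target column to be non-null; whether application code already guarantees this cannot be seen from this page. The same applies to the Postgres and SQLite `AddSecretAccessPolicies` migrations and to the MSSQL script. A short summary doc comment on the class, stating that the column backs the `group_secret`, `service_account_secret` and `user_secret` policy types, would also help, since `/// <inheritdoc />` alone says nothing about intent.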


@ -1732,6 +1732,27 @@ namespace Bit.MySqlMigrations.Migrations
b.HasDiscriminator().HasValue("group_project");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.GroupSecretAccessPolicy", b =>
{
b.HasBaseType("Bit.Infrastructure.EntityFramework.SecretsManager.Models.AccessPolicy");
b.Property<Guid?>("GrantedSecretId")
.ValueGeneratedOnUpdateSometimes()
.HasColumnType("char(36)")
.HasColumnName("GrantedSecretId");
b.Property<Guid?>("GroupId")
.ValueGeneratedOnUpdateSometimes()
.HasColumnType("char(36)")
.HasColumnName("GroupId");
b.HasIndex("GrantedSecretId");
b.HasIndex("GroupId");
b.HasDiscriminator().HasValue("group_secret");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.GroupServiceAccountAccessPolicy", b =>
{
b.HasBaseType("Bit.Infrastructure.EntityFramework.SecretsManager.Models.AccessPolicy");
@ -1763,6 +1784,7 @@ namespace Bit.MySqlMigrations.Migrations
.HasColumnName("GrantedProjectId");
b.Property<Guid?>("ServiceAccountId")
.ValueGeneratedOnUpdateSometimes()
.HasColumnType("char(36)")
.HasColumnName("ServiceAccountId");
@ -1773,6 +1795,27 @@ namespace Bit.MySqlMigrations.Migrations
b.HasDiscriminator().HasValue("service_account_project");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.ServiceAccountSecretAccessPolicy", b =>
{
b.HasBaseType("Bit.Infrastructure.EntityFramework.SecretsManager.Models.AccessPolicy");
b.Property<Guid?>("GrantedSecretId")
.ValueGeneratedOnUpdateSometimes()
.HasColumnType("char(36)")
.HasColumnName("GrantedSecretId");
b.Property<Guid?>("ServiceAccountId")
.ValueGeneratedOnUpdateSometimes()
.HasColumnType("char(36)")
.HasColumnName("ServiceAccountId");
b.HasIndex("GrantedSecretId");
b.HasIndex("ServiceAccountId");
b.HasDiscriminator().HasValue("service_account_secret");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.UserProjectAccessPolicy", b =>
{
b.HasBaseType("Bit.Infrastructure.EntityFramework.SecretsManager.Models.AccessPolicy");
@ -1794,6 +1837,27 @@ namespace Bit.MySqlMigrations.Migrations
b.HasDiscriminator().HasValue("user_project");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.UserSecretAccessPolicy", b =>
{
b.HasBaseType("Bit.Infrastructure.EntityFramework.SecretsManager.Models.AccessPolicy");
b.Property<Guid?>("GrantedSecretId")
.ValueGeneratedOnUpdateSometimes()
.HasColumnType("char(36)")
.HasColumnName("GrantedSecretId");
b.Property<Guid?>("OrganizationUserId")
.ValueGeneratedOnUpdateSometimes()
.HasColumnType("char(36)")
.HasColumnName("OrganizationUserId");
b.HasIndex("GrantedSecretId");
b.HasIndex("OrganizationUserId");
b.HasDiscriminator().HasValue("user_secret");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.UserServiceAccountAccessPolicy", b =>
{
b.HasBaseType("Bit.Infrastructure.EntityFramework.SecretsManager.Models.AccessPolicy");
@ -2245,6 +2309,23 @@ namespace Bit.MySqlMigrations.Migrations
b.Navigation("Group");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.GroupSecretAccessPolicy", b =>
{
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.Secret", "GrantedSecret")
.WithMany("GroupAccessPolicies")
.HasForeignKey("GrantedSecretId")
.OnDelete(DeleteBehavior.Cascade);
b.HasOne("Bit.Infrastructure.EntityFramework.Models.Group", "Group")
.WithMany()
.HasForeignKey("GroupId")
.OnDelete(DeleteBehavior.Cascade);
b.Navigation("GrantedSecret");
b.Navigation("Group");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.GroupServiceAccountAccessPolicy", b =>
{
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.ServiceAccount", "GrantedServiceAccount")
@ -2277,6 +2358,22 @@ namespace Bit.MySqlMigrations.Migrations
b.Navigation("ServiceAccount");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.ServiceAccountSecretAccessPolicy", b =>
{
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.Secret", "GrantedSecret")
.WithMany("ServiceAccountAccessPolicies")
.HasForeignKey("GrantedSecretId")
.OnDelete(DeleteBehavior.Cascade);
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.ServiceAccount", "ServiceAccount")
.WithMany()
.HasForeignKey("ServiceAccountId");
b.Navigation("GrantedSecret");
b.Navigation("ServiceAccount");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.UserProjectAccessPolicy", b =>
{
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.Project", "GrantedProject")
@ -2293,6 +2390,22 @@ namespace Bit.MySqlMigrations.Migrations
b.Navigation("OrganizationUser");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.UserSecretAccessPolicy", b =>
{
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.Secret", "GrantedSecret")
.WithMany("UserAccessPolicies")
.HasForeignKey("GrantedSecretId")
.OnDelete(DeleteBehavior.Cascade);
b.HasOne("Bit.Infrastructure.EntityFramework.Models.OrganizationUser", "OrganizationUser")
.WithMany()
.HasForeignKey("OrganizationUserId");
b.Navigation("GrantedSecret");
b.Navigation("OrganizationUser");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.UserServiceAccountAccessPolicy", b =>
{
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.ServiceAccount", "GrantedServiceAccount")
@ -2376,6 +2489,15 @@ namespace Bit.MySqlMigrations.Migrations
b.Navigation("UserAccessPolicies");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.Secret", b =>
{
b.Navigation("GroupAccessPolicies");
b.Navigation("ServiceAccountAccessPolicies");
b.Navigation("UserAccessPolicies");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.ServiceAccount", b =>
{
b.Navigation("GroupAccessPolicies");

File diff suppressed because it is too large Load Diff


@ -0,0 +1,48 @@
using Microsoft.EntityFrameworkCore.Migrations;
#nullable disable
namespace Bit.PostgresMigrations.Migrations;
/// <inheritdoc />
public partial class AddSecretAccessPolicies : Migration
{
/// <inheritdoc />
protected override void Up(MigrationBuilder migrationBuilder)
{
migrationBuilder.AddColumn<Guid>(
name: "GrantedSecretId",
table: "AccessPolicy",
type: "uuid",
nullable: true);
migrationBuilder.CreateIndex(
name: "IX_AccessPolicy_GrantedSecretId",
table: "AccessPolicy",
column: "GrantedSecretId");
migrationBuilder.AddForeignKey(
name: "FK_AccessPolicy_Secret_GrantedSecretId",
table: "AccessPolicy",
column: "GrantedSecretId",
principalTable: "Secret",
principalColumn: "Id",
onDelete: ReferentialAction.Cascade);
}
/// <inheritdoc />
protected override void Down(MigrationBuilder migrationBuilder)
{
migrationBuilder.DropForeignKey(
name: "FK_AccessPolicy_Secret_GrantedSecretId",
table: "AccessPolicy");
migrationBuilder.DropIndex(
name: "IX_AccessPolicy_GrantedSecretId",
table: "AccessPolicy");
migrationBuilder.DropColumn(
name: "GrantedSecretId",
table: "AccessPolicy");
}
}


@ -1746,6 +1746,27 @@ namespace Bit.PostgresMigrations.Migrations
b.HasDiscriminator().HasValue("group_project");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.GroupSecretAccessPolicy", b =>
{
b.HasBaseType("Bit.Infrastructure.EntityFramework.SecretsManager.Models.AccessPolicy");
b.Property<Guid?>("GrantedSecretId")
.ValueGeneratedOnUpdateSometimes()
.HasColumnType("uuid")
.HasColumnName("GrantedSecretId");
b.Property<Guid?>("GroupId")
.ValueGeneratedOnUpdateSometimes()
.HasColumnType("uuid")
.HasColumnName("GroupId");
b.HasIndex("GrantedSecretId");
b.HasIndex("GroupId");
b.HasDiscriminator().HasValue("group_secret");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.GroupServiceAccountAccessPolicy", b =>
{
b.HasBaseType("Bit.Infrastructure.EntityFramework.SecretsManager.Models.AccessPolicy");
@ -1777,6 +1798,7 @@ namespace Bit.PostgresMigrations.Migrations
.HasColumnName("GrantedProjectId");
b.Property<Guid?>("ServiceAccountId")
.ValueGeneratedOnUpdateSometimes()
.HasColumnType("uuid")
.HasColumnName("ServiceAccountId");
@ -1787,6 +1809,27 @@ namespace Bit.PostgresMigrations.Migrations
b.HasDiscriminator().HasValue("service_account_project");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.ServiceAccountSecretAccessPolicy", b =>
{
b.HasBaseType("Bit.Infrastructure.EntityFramework.SecretsManager.Models.AccessPolicy");
b.Property<Guid?>("GrantedSecretId")
.ValueGeneratedOnUpdateSometimes()
.HasColumnType("uuid")
.HasColumnName("GrantedSecretId");
b.Property<Guid?>("ServiceAccountId")
.ValueGeneratedOnUpdateSometimes()
.HasColumnType("uuid")
.HasColumnName("ServiceAccountId");
b.HasIndex("GrantedSecretId");
b.HasIndex("ServiceAccountId");
b.HasDiscriminator().HasValue("service_account_secret");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.UserProjectAccessPolicy", b =>
{
b.HasBaseType("Bit.Infrastructure.EntityFramework.SecretsManager.Models.AccessPolicy");
@ -1808,6 +1851,27 @@ namespace Bit.PostgresMigrations.Migrations
b.HasDiscriminator().HasValue("user_project");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.UserSecretAccessPolicy", b =>
{
b.HasBaseType("Bit.Infrastructure.EntityFramework.SecretsManager.Models.AccessPolicy");
b.Property<Guid?>("GrantedSecretId")
.ValueGeneratedOnUpdateSometimes()
.HasColumnType("uuid")
.HasColumnName("GrantedSecretId");
b.Property<Guid?>("OrganizationUserId")
.ValueGeneratedOnUpdateSometimes()
.HasColumnType("uuid")
.HasColumnName("OrganizationUserId");
b.HasIndex("GrantedSecretId");
b.HasIndex("OrganizationUserId");
b.HasDiscriminator().HasValue("user_secret");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.UserServiceAccountAccessPolicy", b =>
{
b.HasBaseType("Bit.Infrastructure.EntityFramework.SecretsManager.Models.AccessPolicy");
@ -2259,6 +2323,23 @@ namespace Bit.PostgresMigrations.Migrations
b.Navigation("Group");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.GroupSecretAccessPolicy", b =>
{
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.Secret", "GrantedSecret")
.WithMany("GroupAccessPolicies")
.HasForeignKey("GrantedSecretId")
.OnDelete(DeleteBehavior.Cascade);
b.HasOne("Bit.Infrastructure.EntityFramework.Models.Group", "Group")
.WithMany()
.HasForeignKey("GroupId")
.OnDelete(DeleteBehavior.Cascade);
b.Navigation("GrantedSecret");
b.Navigation("Group");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.GroupServiceAccountAccessPolicy", b =>
{
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.ServiceAccount", "GrantedServiceAccount")
@ -2291,6 +2372,22 @@ namespace Bit.PostgresMigrations.Migrations
b.Navigation("ServiceAccount");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.ServiceAccountSecretAccessPolicy", b =>
{
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.Secret", "GrantedSecret")
.WithMany("ServiceAccountAccessPolicies")
.HasForeignKey("GrantedSecretId")
.OnDelete(DeleteBehavior.Cascade);
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.ServiceAccount", "ServiceAccount")
.WithMany()
.HasForeignKey("ServiceAccountId");
b.Navigation("GrantedSecret");
b.Navigation("ServiceAccount");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.UserProjectAccessPolicy", b =>
{
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.Project", "GrantedProject")
@ -2307,6 +2404,22 @@ namespace Bit.PostgresMigrations.Migrations
b.Navigation("OrganizationUser");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.UserSecretAccessPolicy", b =>
{
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.Secret", "GrantedSecret")
.WithMany("UserAccessPolicies")
.HasForeignKey("GrantedSecretId")
.OnDelete(DeleteBehavior.Cascade);
b.HasOne("Bit.Infrastructure.EntityFramework.Models.OrganizationUser", "OrganizationUser")
.WithMany()
.HasForeignKey("OrganizationUserId");
b.Navigation("GrantedSecret");
b.Navigation("OrganizationUser");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.UserServiceAccountAccessPolicy", b =>
{
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.ServiceAccount", "GrantedServiceAccount")
@ -2390,6 +2503,15 @@ namespace Bit.PostgresMigrations.Migrations
b.Navigation("UserAccessPolicies");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.Secret", b =>
{
b.Navigation("GroupAccessPolicies");
b.Navigation("ServiceAccountAccessPolicies");
b.Navigation("UserAccessPolicies");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.ServiceAccount", b =>
{
b.Navigation("GroupAccessPolicies");

File diff suppressed because it is too large Load Diff


@ -0,0 +1,48 @@
using Microsoft.EntityFrameworkCore.Migrations;
#nullable disable
namespace Bit.SqliteMigrations.Migrations;
/// <inheritdoc />
public partial class AddSecretAccessPolicies : Migration
{
/// <inheritdoc />
protected override void Up(MigrationBuilder migrationBuilder)
{
migrationBuilder.AddColumn<Guid>(
name: "GrantedSecretId",
table: "AccessPolicy",
type: "TEXT",
nullable: true);
migrationBuilder.CreateIndex(
name: "IX_AccessPolicy_GrantedSecretId",
table: "AccessPolicy",
column: "GrantedSecretId");
migrationBuilder.AddForeignKey(
name: "FK_AccessPolicy_Secret_GrantedSecretId",
table: "AccessPolicy",
column: "GrantedSecretId",
principalTable: "Secret",
principalColumn: "Id",
onDelete: ReferentialAction.Cascade);
}
/// <inheritdoc />
protected override void Down(MigrationBuilder migrationBuilder)
{
migrationBuilder.DropForeignKey(
name: "FK_AccessPolicy_Secret_GrantedSecretId",
table: "AccessPolicy");
migrationBuilder.DropIndex(
name: "IX_AccessPolicy_GrantedSecretId",
table: "AccessPolicy");
migrationBuilder.DropColumn(
name: "GrantedSecretId",
table: "AccessPolicy");
}
}


@ -1730,6 +1730,27 @@ namespace Bit.SqliteMigrations.Migrations
b.HasDiscriminator().HasValue("group_project");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.GroupSecretAccessPolicy", b =>
{
b.HasBaseType("Bit.Infrastructure.EntityFramework.SecretsManager.Models.AccessPolicy");
b.Property<Guid?>("GrantedSecretId")
.ValueGeneratedOnUpdateSometimes()
.HasColumnType("TEXT")
.HasColumnName("GrantedSecretId");
b.Property<Guid?>("GroupId")
.ValueGeneratedOnUpdateSometimes()
.HasColumnType("TEXT")
.HasColumnName("GroupId");
b.HasIndex("GrantedSecretId");
b.HasIndex("GroupId");
b.HasDiscriminator().HasValue("group_secret");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.GroupServiceAccountAccessPolicy", b =>
{
b.HasBaseType("Bit.Infrastructure.EntityFramework.SecretsManager.Models.AccessPolicy");
@ -1761,6 +1782,7 @@ namespace Bit.SqliteMigrations.Migrations
.HasColumnName("GrantedProjectId");
b.Property<Guid?>("ServiceAccountId")
.ValueGeneratedOnUpdateSometimes()
.HasColumnType("TEXT")
.HasColumnName("ServiceAccountId");
@ -1771,6 +1793,27 @@ namespace Bit.SqliteMigrations.Migrations
b.HasDiscriminator().HasValue("service_account_project");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.ServiceAccountSecretAccessPolicy", b =>
{
b.HasBaseType("Bit.Infrastructure.EntityFramework.SecretsManager.Models.AccessPolicy");
b.Property<Guid?>("GrantedSecretId")
.ValueGeneratedOnUpdateSometimes()
.HasColumnType("TEXT")
.HasColumnName("GrantedSecretId");
b.Property<Guid?>("ServiceAccountId")
.ValueGeneratedOnUpdateSometimes()
.HasColumnType("TEXT")
.HasColumnName("ServiceAccountId");
b.HasIndex("GrantedSecretId");
b.HasIndex("ServiceAccountId");
b.HasDiscriminator().HasValue("service_account_secret");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.UserProjectAccessPolicy", b =>
{
b.HasBaseType("Bit.Infrastructure.EntityFramework.SecretsManager.Models.AccessPolicy");
@ -1792,6 +1835,27 @@ namespace Bit.SqliteMigrations.Migrations
b.HasDiscriminator().HasValue("user_project");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.UserSecretAccessPolicy", b =>
{
b.HasBaseType("Bit.Infrastructure.EntityFramework.SecretsManager.Models.AccessPolicy");
b.Property<Guid?>("GrantedSecretId")
.ValueGeneratedOnUpdateSometimes()
.HasColumnType("TEXT")
.HasColumnName("GrantedSecretId");
b.Property<Guid?>("OrganizationUserId")
.ValueGeneratedOnUpdateSometimes()
.HasColumnType("TEXT")
.HasColumnName("OrganizationUserId");
b.HasIndex("GrantedSecretId");
b.HasIndex("OrganizationUserId");
b.HasDiscriminator().HasValue("user_secret");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.UserServiceAccountAccessPolicy", b =>
{
b.HasBaseType("Bit.Infrastructure.EntityFramework.SecretsManager.Models.AccessPolicy");
@ -2243,6 +2307,23 @@ namespace Bit.SqliteMigrations.Migrations
b.Navigation("Group");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.GroupSecretAccessPolicy", b =>
{
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.Secret", "GrantedSecret")
.WithMany("GroupAccessPolicies")
.HasForeignKey("GrantedSecretId")
.OnDelete(DeleteBehavior.Cascade);
b.HasOne("Bit.Infrastructure.EntityFramework.Models.Group", "Group")
.WithMany()
.HasForeignKey("GroupId")
.OnDelete(DeleteBehavior.Cascade);
b.Navigation("GrantedSecret");
b.Navigation("Group");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.GroupServiceAccountAccessPolicy", b =>
{
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.ServiceAccount", "GrantedServiceAccount")
@ -2275,6 +2356,22 @@ namespace Bit.SqliteMigrations.Migrations
b.Navigation("ServiceAccount");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.ServiceAccountSecretAccessPolicy", b =>
{
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.Secret", "GrantedSecret")
.WithMany("ServiceAccountAccessPolicies")
.HasForeignKey("GrantedSecretId")
.OnDelete(DeleteBehavior.Cascade);
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.ServiceAccount", "ServiceAccount")
.WithMany()
.HasForeignKey("ServiceAccountId");
b.Navigation("GrantedSecret");
b.Navigation("ServiceAccount");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.UserProjectAccessPolicy", b =>
{
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.Project", "GrantedProject")
@ -2291,6 +2388,22 @@ namespace Bit.SqliteMigrations.Migrations
b.Navigation("OrganizationUser");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.UserSecretAccessPolicy", b =>
{
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.Secret", "GrantedSecret")
.WithMany("UserAccessPolicies")
.HasForeignKey("GrantedSecretId")
.OnDelete(DeleteBehavior.Cascade);
b.HasOne("Bit.Infrastructure.EntityFramework.Models.OrganizationUser", "OrganizationUser")
.WithMany()
.HasForeignKey("OrganizationUserId");
b.Navigation("GrantedSecret");
b.Navigation("OrganizationUser");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.UserServiceAccountAccessPolicy", b =>
{
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.ServiceAccount", "GrantedServiceAccount")
@ -2374,6 +2487,15 @@ namespace Bit.SqliteMigrations.Migrations
b.Navigation("UserAccessPolicies");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.Secret", b =>
{
b.Navigation("GroupAccessPolicies");
b.Navigation("ServiceAccountAccessPolicies");
b.Navigation("UserAccessPolicies");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.ServiceAccount", b =>
{
b.Navigation("GroupAccessPolicies");