nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-06-30 07:36:14 -05:00
Code Activity

[SM-713] Add database support for secret access policies (#3681)

Browse Source 
* mssql add column and migration

* Add secret access policies to EF models and config

* Clear new access policies on service account delete

* Add SM cleanup code on delete

* Fix EF org user bulk delete

* Run EF migrations
This commit is contained in:
Thomas Avery
2024-02-22 10:06:39 -06:00
committed by GitHub
parent 374b59bcfb
commit 1499d1e2c6
20 changed files with 8315 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2518
util/MySqlMigrations/Migrations/20240216170327_AddSecretAccessPolicies.Designer.cs generated Normal file
View File

File diff suppressed because it is too large Load Diff

49
util/MySqlMigrations/Migrations/20240216170327_AddSecretAccessPolicies.cs Normal file
View File

@ -0,0 +1,49 @@
using Microsoft.EntityFrameworkCore.Migrations;
#nullable disable
namespace Bit.MySqlMigrations.Migrations;
/// <inheritdoc />
public partial class AddSecretAccessPolicies : Migration
{
/// <inheritdoc />
protected override void Up(MigrationBuilder migrationBuilder)
{
migrationBuilder.AddColumn<Guid>(
name: "GrantedSecretId",
table: "AccessPolicy",
type: "char(36)",
nullable: true,
collation: "ascii_general_ci");
migrationBuilder.CreateIndex(
name: "IX_AccessPolicy_GrantedSecretId",
table: "AccessPolicy",
column: "GrantedSecretId");
migrationBuilder.AddForeignKey(
name: "FK_AccessPolicy_Secret_GrantedSecretId",
table: "AccessPolicy",
column: "GrantedSecretId",
principalTable: "Secret",
principalColumn: "Id",
onDelete: ReferentialAction.Cascade);
}
/// <inheritdoc />
protected override void Down(MigrationBuilder migrationBuilder)
{
migrationBuilder.DropForeignKey(
name: "FK_AccessPolicy_Secret_GrantedSecretId",
table: "AccessPolicy");
migrationBuilder.DropIndex(
name: "IX_AccessPolicy_GrantedSecretId",
table: "AccessPolicy");
migrationBuilder.DropColumn(
name: "GrantedSecretId",
table: "AccessPolicy");
}
}

122
util/MySqlMigrations/Migrations/DatabaseContextModelSnapshot.cs
View File

@ -1732,6 +1732,27 @@ namespace Bit.MySqlMigrations.Migrations
b.HasDiscriminator().HasValue("group_project");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.GroupSecretAccessPolicy", b =>
{
b.HasBaseType("Bit.Infrastructure.EntityFramework.SecretsManager.Models.AccessPolicy");
b.Property<Guid?>("GrantedSecretId")
.ValueGeneratedOnUpdateSometimes()
.HasColumnType("char(36)")
.HasColumnName("GrantedSecretId");
b.Property<Guid?>("GroupId")
.ValueGeneratedOnUpdateSometimes()
.HasColumnType("char(36)")
.HasColumnName("GroupId");
b.HasIndex("GrantedSecretId");
b.HasIndex("GroupId");
b.HasDiscriminator().HasValue("group_secret");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.GroupServiceAccountAccessPolicy", b =>
{
b.HasBaseType("Bit.Infrastructure.EntityFramework.SecretsManager.Models.AccessPolicy");
@ -1763,6 +1784,7 @@ namespace Bit.MySqlMigrations.Migrations
.HasColumnName("GrantedProjectId");
b.Property<Guid?>("ServiceAccountId")
.ValueGeneratedOnUpdateSometimes()
.HasColumnType("char(36)")
.HasColumnName("ServiceAccountId");
@ -1773,6 +1795,27 @@ namespace Bit.MySqlMigrations.Migrations
b.HasDiscriminator().HasValue("service_account_project");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.ServiceAccountSecretAccessPolicy", b =>
{
b.HasBaseType("Bit.Infrastructure.EntityFramework.SecretsManager.Models.AccessPolicy");
b.Property<Guid?>("GrantedSecretId")
.ValueGeneratedOnUpdateSometimes()
.HasColumnType("char(36)")
.HasColumnName("GrantedSecretId");
b.Property<Guid?>("ServiceAccountId")
.ValueGeneratedOnUpdateSometimes()
.HasColumnType("char(36)")
.HasColumnName("ServiceAccountId");
b.HasIndex("GrantedSecretId");
b.HasIndex("ServiceAccountId");
b.HasDiscriminator().HasValue("service_account_secret");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.UserProjectAccessPolicy", b =>
{
b.HasBaseType("Bit.Infrastructure.EntityFramework.SecretsManager.Models.AccessPolicy");
@ -1794,6 +1837,27 @@ namespace Bit.MySqlMigrations.Migrations
b.HasDiscriminator().HasValue("user_project");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.UserSecretAccessPolicy", b =>
{
b.HasBaseType("Bit.Infrastructure.EntityFramework.SecretsManager.Models.AccessPolicy");
b.Property<Guid?>("GrantedSecretId")
.ValueGeneratedOnUpdateSometimes()
.HasColumnType("char(36)")
.HasColumnName("GrantedSecretId");
b.Property<Guid?>("OrganizationUserId")
.ValueGeneratedOnUpdateSometimes()
.HasColumnType("char(36)")
.HasColumnName("OrganizationUserId");
b.HasIndex("GrantedSecretId");
b.HasIndex("OrganizationUserId");
b.HasDiscriminator().HasValue("user_secret");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.UserServiceAccountAccessPolicy", b =>
{
b.HasBaseType("Bit.Infrastructure.EntityFramework.SecretsManager.Models.AccessPolicy");
@ -2245,6 +2309,23 @@ namespace Bit.MySqlMigrations.Migrations
b.Navigation("Group");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.GroupSecretAccessPolicy", b =>
{
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.Secret", "GrantedSecret")
.WithMany("GroupAccessPolicies")
.HasForeignKey("GrantedSecretId")
.OnDelete(DeleteBehavior.Cascade);
b.HasOne("Bit.Infrastructure.EntityFramework.Models.Group", "Group")
.WithMany()
.HasForeignKey("GroupId")
.OnDelete(DeleteBehavior.Cascade);
b.Navigation("GrantedSecret");
b.Navigation("Group");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.GroupServiceAccountAccessPolicy", b =>
{
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.ServiceAccount", "GrantedServiceAccount")
@ -2277,6 +2358,22 @@ namespace Bit.MySqlMigrations.Migrations
b.Navigation("ServiceAccount");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.ServiceAccountSecretAccessPolicy", b =>
{
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.Secret", "GrantedSecret")
.WithMany("ServiceAccountAccessPolicies")
.HasForeignKey("GrantedSecretId")
.OnDelete(DeleteBehavior.Cascade);
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.ServiceAccount", "ServiceAccount")
.WithMany()
.HasForeignKey("ServiceAccountId");
b.Navigation("GrantedSecret");
b.Navigation("ServiceAccount");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.UserProjectAccessPolicy", b =>
{
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.Project", "GrantedProject")
@ -2293,6 +2390,22 @@ namespace Bit.MySqlMigrations.Migrations
b.Navigation("OrganizationUser");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.UserSecretAccessPolicy", b =>
{
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.Secret", "GrantedSecret")
.WithMany("UserAccessPolicies")
.HasForeignKey("GrantedSecretId")
.OnDelete(DeleteBehavior.Cascade);
b.HasOne("Bit.Infrastructure.EntityFramework.Models.OrganizationUser", "OrganizationUser")
.WithMany()
.HasForeignKey("OrganizationUserId");
b.Navigation("GrantedSecret");
b.Navigation("OrganizationUser");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.UserServiceAccountAccessPolicy", b =>
{
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.ServiceAccount", "GrantedServiceAccount")
@ -2376,6 +2489,15 @@ namespace Bit.MySqlMigrations.Migrations
b.Navigation("UserAccessPolicies");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.Secret", b =>
{
b.Navigation("GroupAccessPolicies");
b.Navigation("ServiceAccountAccessPolicies");
b.Navigation("UserAccessPolicies");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.ServiceAccount", b =>
{
b.Navigation("GroupAccessPolicies");