[PM-2944] Enable Nullable For Secrets Manager (#4389)

* Enable `nullable` for `ApiKey` * Switch to Using `required` * Make Scope Be Valid JSON * Update test/Api.IntegrationTest/SecretsManager/Controllers/ServiceAccountsControllerTests.cs Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com> * Move Nullable Directive --------- Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com>
2025-06-30 07:36:14 -05:00 · 2024-07-03 15:17:10 -04:00
parent 6eb2a6e75d
commit 1d09b88ade
4 changed files with 54 additions and 40 deletions
--- a/test/Api.IntegrationTest/SecretsManager/Controllers/ServiceAccountsControllerTests.cs
+++ b/test/Api.IntegrationTest/SecretsManager/Controllers/ServiceAccountsControllerTests.cs
@ -1,4 +1,5 @@
 using System.Net;
+using System.Text.Json.Nodes;
 using Bit.Api.IntegrationTest.Factories;
 using Bit.Api.IntegrationTest.SecretsManager.Enums;
 using Bit.Api.IntegrationTest.SecretsManager.Helpers;
@ -440,7 +441,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
            Name = _mockEncryptedString,
        });

-        await _apiKeyRepository.CreateAsync(new ApiKey { ServiceAccountId = serviceAccount.Id });
+        await _apiKeyRepository.CreateAsync(CreateTestApiKey(serviceAccount.Id));

        if (permissionType == PermissionType.RunAsAdmin)
        {
@ -507,12 +508,9 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
            Name = _mockEncryptedString,
        });

-        await _apiKeyRepository.CreateAsync(new ApiKey
-        {
-            ServiceAccountId = serviceAccount.Id,
-            Name = _mockEncryptedString,
-            ExpireAt = DateTime.UtcNow.AddDays(30),
-        });
+        await _apiKeyRepository.CreateAsync(
+            CreateTestApiKey(serviceAccount.Id, _mockEncryptedString, DateTime.UtcNow.AddDays(30))
+        );

        var response = await _client.GetAsync($"/service-accounts/{serviceAccount.Id}/access-tokens");
        Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
@ -548,12 +546,9 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
            });
        }

-        var accessToken = await _apiKeyRepository.CreateAsync(new ApiKey
-        {
-            ServiceAccountId = serviceAccount.Id,
-            Name = _mockEncryptedString,
-            ExpireAt = DateTime.UtcNow.AddDays(30),
-        });
+        var accessToken = await _apiKeyRepository.CreateAsync(
+            CreateTestApiKey(serviceAccount.Id, _mockEncryptedString, DateTime.UtcNow.AddDays(30))
+        );


        var response = await _client.GetAsync($"/service-accounts/{serviceAccount.Id}/access-tokens");
@ -746,12 +741,9 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
            Name = _mockEncryptedString
        });

-        var accessToken = await _apiKeyRepository.CreateAsync(new ApiKey
-        {
-            ServiceAccountId = serviceAccount.Id,
-            Name = _mockEncryptedString,
-            ExpireAt = DateTime.UtcNow.AddDays(30)
-        });
+        var accessToken = await _apiKeyRepository.CreateAsync(
+            CreateTestApiKey(serviceAccount.Id, _mockEncryptedString, DateTime.UtcNow.AddDays(30))
+        );

        var request = new RevokeAccessTokensRequest
        {
@ -790,12 +782,9 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
            });
        }

-        var accessToken = await _apiKeyRepository.CreateAsync(new ApiKey
-        {
-            ServiceAccountId = serviceAccount.Id,
-            Name = _mockEncryptedString,
-            ExpireAt = DateTime.UtcNow.AddDays(30)
-        });
+        var accessToken = await _apiKeyRepository.CreateAsync(
+            CreateTestApiKey(serviceAccount.Id, _mockEncryptedString, DateTime.UtcNow.AddDays(30))
+        );

        var request = new RevokeAccessTokensRequest
        {
@ -839,12 +828,9 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
            });
        }

-        var accessToken = await _apiKeyRepository.CreateAsync(new ApiKey
-        {
-            ServiceAccountId = serviceAccount.Id,
-            Name = _mockEncryptedString,
-            ExpireAt = DateTime.UtcNow.AddDays(30),
-        });
+        var accessToken = await _apiKeyRepository.CreateAsync(
+            CreateTestApiKey(serviceAccount.Id, _mockEncryptedString, DateTime.UtcNow.AddDays(30))
+        );

        var request = new RevokeAccessTokensRequest
        {
@ -943,6 +929,22 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
        return (org.Id, serviceAccountIds);
    }

+    private static ApiKey CreateTestApiKey(Guid serviceAccountId, string name = _mockEncryptedString, DateTime? expiresAt = null)
+    {
+        return new ApiKey
+        {
+            ServiceAccountId = serviceAccountId,
+            Name = name,
+            ExpireAt = expiresAt,
+            Scope = new JsonArray
+            {
+                "api.secrets",
+            }.ToJsonString(),
+            EncryptedPayload = _mockEncryptedString,
+            Key = _mockEncryptedString,
+        };
+    }
+
    private async Task<Dictionary<Guid, int>> SetupServiceAccountSecretAccessAsync(List<Guid> serviceAccountIds,
        Guid organizationId)
    {