From 3573aee2efb0558419117ae6070b3020602a4baf Mon Sep 17 00:00:00 2001 From: Thomas Rittson <31796059+eliykat@users.noreply.github.com> Date: Sat, 5 Aug 2023 07:51:12 +1000 Subject: [PATCH] [AC-1512] Feature: Secrets Manager Billing - round 2 (#3119) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [AC-1423] Add AddonProduct and BitwardenProduct properties to BillingSubscriptionItem (#3037) * [AC-1423] Add AddonProduct and BitwardenProduct properties to BillingSubscriptionItem - Add a helper method to determine the appropriate addon type based on the subscription items StripeId * [AC-1423] Add helper to StaticStore.cs to find a Plan by StripePlanId * [AC-1423] Use the helper method to set SubscriptionInfo.BitwardenProduct * Add SecretsManagerBilling feature flag to Constants * [AC 1409] Secrets Manager Subscription Stripe Integration (#3019) * Adding the Secret manager to the Plan List * Adding the unit test for the StaticStoreTests class * Fix whitespace formatting * Fix whitespace formatting * Price update * Resolving the PR comments * Resolving PR comments * Fixing the whitespace * only password manager plans are return for now * format whitespace * Resolve the test issue * Fixing the failing test * Refactoring the Plan separation * add a unit test for SingleOrDefault * Fix the whitespace format * Separate the PM and SM plans * Fixing the whitespace * Remove unnecessary directive * Fix imports ordering * Fix imports ordering * Resolve imports ordering * Fixing imports ordering * Fix response model, add MaxProjects * Fix filename * Fix format * Fix: seat price should match annual/monthly * Fix service account annual pricing * Changes for secret manager signup and upgradeplan * Changes for secrets manager signup and upgrade * refactoring the code * Format whitespace * remove unnecessary using directive * Resolve the PR comment on Subscription creation * Resolve PR comment * Add password manager to the error message * Add UseSecretsManager to the event log * Resolve PR comment on plan validation * Resolving pr comments for service account count * Resolving pr comments for service account count * Resolve the pr comments * Remove the store procedure that is no-longer needed * Rename a property properly * Resolving the PR comment * Resolve PR comments * Resolving PR comments * Resolving the Pr comments * Resolving some PR comments * Resolving the PR comments * Resolving the build identity build * Add additional Validation * Resolve the Lint issues * remove unnecessary using directive * Remove the white spaces * Adding unit test for the stripe payment * Remove the incomplete test * Fixing the failing test * Fix the failing test * Fix the fail test on organization service * Fix the failing unit test * Fix the whitespace format * Fix the failing test * Fix the whitespace format * resolve pr comments * Fix the lint message * Resolve the PR comments * resolve pr comments * Resolve pr comments * Resolve the pr comments * remove unused code * Added for sm validation test * Fix the whitespace format issues --------- Co-authored-by: Thomas Rittson Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com> * SM-802: Add SecretsManagerBetaColumn SQL migration and Org table update * SM-802: Run EF Migrations for SecretsManagerBeta * SM-802: Update the two Org procs and View, and move data migration to a separate file * SM-802: Add missing comma to Organization_Create * [AC-1418] Add missing SecretsManagerPlan property to OrganizationResponseModel (#3055) * SM-802: Remove extra GO statement from data migration script * [AC 1460] Update Stripe Configuration (#3070) * change the stripeseat id * change service accountId to align with new product * make all the Id name for consistent * SM-802: Add SecretsManagerBeta to OrganizationResponseModel * SM-802: Move SecretsManagerBeta from OrganizationResponseModel to OrganizationSubscriptionResponseModel. Use sp_refreshview instead of sp_refreshsqlmodule in the migration script. * SM-802: Remove OrganizationUserOrganizationDetailsView.sql changes * [AC 1410] Secrets Manager subscription adjustment back-end changes (#3036) * Create UpgradeSecretsManagerSubscription command --------- Co-authored-by: Thomas Rittson * SM-802: Remove SecretsManagerBetaColumn migration * SM-802: Add SecretsManagerBetaColumn migration * SM-802: Remove OrganizationUserOrganizationDetailsView update * [AC-1495] Extract UpgradePlanAsync into a command (#3081) * This is a pure lift & shift with no refactors * Only register subscription commands in Api --------- Co-authored-by: cyprain-okeke * [AC-1503] Fix Stripe integration on organization upgrade (#3084) * Fix SM parameters not being passed to Stripe * Fix flaky test * Fix error message * [AC-1504] Allow SM max autoscale limits to be disabled (#3085) * [AC-1488] Changed SM Signup and Upgrade paths to set SmServiceAccounts to include the plan BaseServiceAccount (#3086) * [AC-1510] Enable access to Secrets Manager to Organization owner for new Subscription (#3089) * Revert changes to ReferenceEvent code (#3091) * Revert changes to ReferenceEvent code This will be done in AC-1481 * Revert ReferenceEventType change * Move NoopServiceAccountRepository to SM and update namespace * [AC-1462] Add secrets manager service accounts autoscaling commands (#3059) * Adding the Secret manager to the Plan List * Adding the unit test for the StaticStoreTests class * Fix whitespace formatting * Fix whitespace formatting * Price update * Resolving the PR comments * Resolving PR comments * Fixing the whitespace * only password manager plans are return for now * format whitespace * Resolve the test issue * Fixing the failing test * Refactoring the Plan separation * add a unit test for SingleOrDefault * Fix the whitespace format * Separate the PM and SM plans * Fixing the whitespace * Remove unnecessary directive * Fix imports ordering * Fix imports ordering * Resolve imports ordering * Fixing imports ordering * Fix response model, add MaxProjects * Fix filename * Fix format * Fix: seat price should match annual/monthly * Fix service account annual pricing * Changes for secret manager signup and upgradeplan * Changes for secrets manager signup and upgrade * refactoring the code * Format whitespace * remove unnecessary using directive * Changes for subscription Update * Update the seatAdjustment and update * Resolve the PR comment on Subscription creation * Resolve PR comment * Add password manager to the error message * Add UseSecretsManager to the event log * Resolve PR comment on plan validation * Resolving pr comments for service account count * Resolving pr comments for service account count * Resolve the pr comments * Remove the store procedure that is no-longer needed * Add a new class for update subscription * Modify the Update subscription for sm * Add the missing property * Rename a property properly * Resolving the PR comment * Resolve PR comments * Resolving PR comments * Resolving the Pr comments * Resolving some PR comments * Resolving the PR comments * Resolving the build identity build * Add additional Validation * Resolve the Lint issues * remove unnecessary using directive * Remove the white spaces * Adding unit test for the stripe payment * Remove the incomplete test * Fixing the failing test * Fix the failing test * Fix the fail test on organization service * Fix the failing unit test * Fix the whitespace format * Fix the failing test * Fix the whitespace format * resolve pr comments * Fix the lint message * refactor the code * Fix the failing Test * adding a new endpoint * Remove the unwanted code * Changes for Command and Queries * changes for command and queries * Fix the Lint issues * Fix imports ordering * Resolve the PR comments * resolve pr comments * Resolve pr comments * Fix the failing test on adjustSeatscommandtests * Fix the failing test * Fix the whitespaces * resolve failing test * rename a property * Resolve the pr comments * refactoring the existing implementation * Resolve the whitespaces format issue * Resolve the pr comments * [AC-1462] Created IAvailableServiceAccountsQuery along its implementation and with unit tests * [AC-1462] Renamed ICountNewServiceAccountSlotsRequiredQuery * [AC-1462] Added IAutoscaleServiceAccountsCommand and implementation * Add more unit testing * fix the whitespaces issues * [AC-1462] Added unit tests for AutoscaleServiceAccountsCommand * Add more unit test * Remove unnecessary directive * Resolve some pr comments * Adding more unit test * adding more test * add more test * Resolving some pr comments * Resolving some pr comments * Resolving some pr comments * resolve some pr comments * Resolving pr comments * remove whitespaces * remove white spaces * Resolving pr comments * resolving pr comments and fixing white spaces * resolving the lint error * Run dotnet format * resolving the pr comments * Add a missing properties to plan response model * Add the email sender for sm seat and service acct * Add the email sender for sm seat and service acct * Fix the failing test after email sender changes * Add staticstorewrapper to properly test the plans * Add more test and validate the existing test * Fix the white spaces issues * Remove staticstorewrapper and fix the test * fix a null issue on autoscaling * Suggestion: do all seat calculations in update model * Resolve some pr comments * resolving some pr comments * Return value is unnecessary * Resolve the failing test * resolve pr comments * Resolve the pr comments * Resolving admin api failure and adding more test * Resolve the issue failing admin project * Fixing the failed test * Clarify naming and add comments * Clarify naming conventions * Dotnet format * Fix the failing dependency * remove similar test * [AC-1462] Rewrote AutoscaleServiceAccountsCommand to use UpdateSecretsManagerSubscriptionCommand which has the same logic * [AC-1462] Deleted IAutoscaleServiceAccountsCommand as the logic will be moved to UpdateSecretsManagerSubscriptionCommand * [AC-1462] Created method AdjustSecretsManagerServiceAccountsAsync * [AC-1462] Changed SecretsManagerSubscriptionUpdate to only be set by its constructor * [AC-1462] Added check to CountNewServiceAccountSlotsRequiredQuery and revised unit tests * [AC-1462] Revised logic for CountNewServiceAccountSlotsRequiredQuery and fixed unit tests * [AC-1462] Changed SecretsManagerSubscriptionUpdate to receive Organization as a parameter and fixed the unit tests * [AC-1462] Renamed IUpdateSecretsManagerSubscriptionCommand methods UpdateSubscriptionAsync and AdjustServiceAccountsAsync * [AC-1462] Rewrote unit test UpdateSubscriptionAsync_ValidInput_Passes * [AC-1462] Registered CountNewServiceAccountSlotsRequiredQuery for dependency injection * [AC-1462] Added parameter names to SecretsManagerSubscriptionUpdateRequestModel * [AC-1462] Updated SecretsManagerSubscriptionUpdate logic to handle null parameters. Revised the unit tests to test null values --------- Co-authored-by: cyprain-okeke Co-authored-by: Thomas Rittson Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com> * Add UsePasswordManager to sync data (#3114) * [AC-1522] Fix service account check on upgrading (#3111) * Resolved the checkmarx issues * [AC-1521] Address checkmarx security feedback (#3124) * Reinstate target attribute but add noopener noreferrer * Update date on migration script * Remove unused constant * Revert "Remove unused constant" This reverts commit 4fcb9da4d62af815c01579ab265d0ce11b47a9bb. This is required to make feature flags work on the client * [AC-1458] Add Endpoint And Service Logic for secrets manager to existing subscription (#3087) --------- Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com> Co-authored-by: Thomas Rittson * Remove duplicate migrations from incorrectly resolved merge * [AC-1468] Modified CountNewServiceAccountSlotsRequiredQuery to return zero if organization has SecretsManagerBeta == true (#3112) Co-authored-by: Thomas Rittson * [Ac 1563] Unable to load billing and subscription related pages for non-enterprise organizations (#3138) * Resolve the failing family plan * resolve issues * Resolve code related pr comments * Resolve test related comments * Resolving or comments * [SM-809] Add service account slot limit check (#3093) * Add service account slot limit check * Add query to DI * [AC-1462] Registered CountNewServiceAccountSlotsRequiredQuery for dependency injection * remove duplicate DI entry * Update unit tests * Remove comment * Code review updates --------- Co-authored-by: cyprain-okeke Co-authored-by: Thomas Rittson Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com> Co-authored-by: Rui Tome * [AC-1461] Secrets manager seat autoscaling (#3121) * Add autoscaling code to invite user, save user, and bulk enable SM flows * Add tests * Delete command for BulkEnableSecretsManager * circular dependency between OrganizationService and UpdateSecretsManagerSubscriptionCommand - fixed by temporarily duplicating ReplaceAndUpdateCache * Unresolvable dependencies in other services - fixed by temporarily registering noop services and moving around some DI code All should be resolved in PM-1880 * Refactor: improve the update object and use it to adjust values, remove excess interfaces on the command * Handle autoscaling-specific errors --------- Co-authored-by: Rui Tomé <108268980+r-tome@users.noreply.github.com> * Move bitwarden_license include reference into conditional block * [AC 1526]Show current SM seat and service account usage in Bitwarden Portal (#3142) * changes base on the tickets request * Code refactoring * Removed the unwanted method * Add implementation to the new method * Resolve some pr comments * resolve lint issue * resolve pr comments * add the new noop files * Add new noop file and resolve some pr comments * resolve pr comments * removed unused method --------- Co-authored-by: Shane Melton Co-authored-by: cyprain-okeke <108260115+cyprain-okeke@users.noreply.github.com> Co-authored-by: Colton Hurst Co-authored-by: cyprain-okeke Co-authored-by: Rui Tomé <108268980+r-tome@users.noreply.github.com> Co-authored-by: Conner Turnbull Co-authored-by: Rui Tome Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> --- ...ountNewServiceAccountSlotsRequiredQuery.cs | 44 ++ .../SecretsManagerCollectionExtensions.cs | 1 + .../Repositories/ProjectRepository.cs | 10 + .../Repositories/SecretRepository.cs | 10 + bitwarden_license/src/Scim/Startup.cs | 6 + bitwarden_license/src/Sso/Startup.cs | 6 + ...ewServiceAccountSlotsRequiredQueryTests.cs | 125 ++++ src/Admin/Admin.csproj | 3 +- .../Controllers/OrganizationsController.cs | 29 +- src/Admin/Models/OrganizationEditModel.cs | 5 +- src/Admin/Models/OrganizationViewModel.cs | 13 +- src/Admin/Startup.cs | 2 + .../Organizations/_ViewInformation.cshtml | 12 + src/Admin/packages.lock.json | 34 +- .../OrganizationUsersController.cs | 36 +- .../Controllers/OrganizationsController.cs | 34 +- .../SecretsManagerSubscribeRequestModel.cs | 14 + ...tsManagerSubscriptionUpdateRequestModel.cs | 31 +- .../OrganizationResponseModel.cs | 6 +- .../Controllers/ServiceAccountsController.cs | 20 + src/Billing/Startup.cs | 6 + .../SecretsManagerSubscriptionUpdate.cs | 107 ++- .../Models/Business/SubscriptionUpdate.cs | 75 ++- ...OrganizationServiceCollectionExtensions.cs | 21 +- .../AddSecretsManagerSubscriptionCommand.cs | 76 +++ .../IAddSecretsManagerSubscriptionCommand.cs | 11 + ...UpdateSecretsManagerSubscriptionCommand.cs | 7 +- ...SubscriptionServiceCollectionExtensions.cs | 2 +- ...UpdateSecretsManagerSubscriptionCommand.cs | 253 ++++--- .../UpgradeOrganizationPlanCommand.cs | 9 +- .../CountNewSmSeatsRequiredQuery.cs | 54 ++ .../ICountNewSmSeatsRequiredQuery.cs | 6 + .../EnableAccessSecretsManagerCommand.cs | 43 -- .../IEnableAccessSecretsManagerCommand.cs | 9 - ...ountNewServiceAccountSlotsRequiredQuery.cs | 6 + .../Repositories/IProjectRepository.cs | 1 + .../Repositories/ISecretRepository.cs | 1 + .../Noop/NoopProjectRepository.cs | 65 ++ .../Repositories/Noop/NoopSecretRepository.cs | 91 +++ src/Core/Services/IPaymentService.cs | 2 + .../Implementations/OrganizationService.cs | 79 ++- .../Implementations/StripePaymentService.cs | 6 + src/Identity/Startup.cs | 6 + .../Utilities/ServiceCollectionExtensions.cs | 2 + .../OrganizationsControllerTests.cs | 4 +- .../ServiceAccountsControllerTests.cs | 58 +- ...dSecretsManagerSubscriptionCommandTests.cs | 107 +++ ...eSecretsManagerSubscriptionCommandTests.cs | 619 +++++++++--------- .../CountNewSmSeatsRequiredQueryTests.cs | 110 ++++ .../EnableAccessSecretsManagerCommandTests.cs | 81 --- .../Services/OrganizationServiceTests.cs | 297 +++++++++ 51 files changed, 2003 insertions(+), 652 deletions(-) create mode 100644 bitwarden_license/src/Commercial.Core/SecretsManager/Queries/ServiceAccounts/CountNewServiceAccountSlotsRequiredQuery.cs create mode 100644 bitwarden_license/test/Commercial.Core.Test/SecretsManager/Queries/ServiceAccounts/CountNewServiceAccountSlotsRequiredQueryTests.cs create mode 100644 src/Api/Models/Request/Organizations/SecretsManagerSubscribeRequestModel.cs create mode 100644 src/Core/OrganizationFeatures/OrganizationSubscriptions/AddSecretsManagerSubscriptionCommand.cs create mode 100644 src/Core/OrganizationFeatures/OrganizationSubscriptions/Interface/IAddSecretsManagerSubscriptionCommand.cs create mode 100644 src/Core/OrganizationFeatures/OrganizationUsers/CountNewSmSeatsRequiredQuery.cs create mode 100644 src/Core/OrganizationFeatures/OrganizationUsers/Interfaces/ICountNewSmSeatsRequiredQuery.cs delete mode 100644 src/Core/SecretsManager/Commands/EnableAccessSecretsManager/EnableAccessSecretsManagerCommand.cs delete mode 100644 src/Core/SecretsManager/Commands/EnableAccessSecretsManager/Interfaces/IEnableAccessSecretsManagerCommand.cs create mode 100644 src/Core/SecretsManager/Queries/ServiceAccounts/Interfaces/ICountNewServiceAccountSlotsRequiredQuery.cs create mode 100644 src/Core/SecretsManager/Repositories/Noop/NoopProjectRepository.cs create mode 100644 src/Core/SecretsManager/Repositories/Noop/NoopSecretRepository.cs create mode 100644 test/Core.Test/OrganizationFeatures/OrganizationSubscriptionUpdate/AddSecretsManagerSubscriptionCommandTests.cs create mode 100644 test/Core.Test/OrganizationFeatures/OrganizationUsers/CountNewSmSeatsRequiredQueryTests.cs delete mode 100644 test/Core.Test/SecretsManager/Commands/EnableAccessSecretsManager/EnableAccessSecretsManagerCommandTests.cs diff --git a/bitwarden_license/src/Commercial.Core/SecretsManager/Queries/ServiceAccounts/CountNewServiceAccountSlotsRequiredQuery.cs b/bitwarden_license/src/Commercial.Core/SecretsManager/Queries/ServiceAccounts/CountNewServiceAccountSlotsRequiredQuery.cs new file mode 100644 index 0000000000..cbb8b98f8c --- /dev/null +++ b/bitwarden_license/src/Commercial.Core/SecretsManager/Queries/ServiceAccounts/CountNewServiceAccountSlotsRequiredQuery.cs @@ -0,0 +1,44 @@ +using Bit.Core.Exceptions; +using Bit.Core.Repositories; +using Bit.Core.SecretsManager.Queries.ServiceAccounts.Interfaces; +using Bit.Core.SecretsManager.Repositories; + +namespace Bit.Commercial.Core.SecretsManager.Queries.ServiceAccounts; + +public class CountNewServiceAccountSlotsRequiredQuery : ICountNewServiceAccountSlotsRequiredQuery +{ + private readonly IOrganizationRepository _organizationRepository; + private readonly IServiceAccountRepository _serviceAccountRepository; + + public CountNewServiceAccountSlotsRequiredQuery( + IOrganizationRepository organizationRepository, + IServiceAccountRepository serviceAccountRepository) + { + _organizationRepository = organizationRepository; + _serviceAccountRepository = serviceAccountRepository; + } + + public async Task CountNewServiceAccountSlotsRequiredAsync(Guid organizationId, int serviceAccountsToAdd) + { + var organization = await _organizationRepository.GetByIdAsync(organizationId); + if (organization == null || !organization.UseSecretsManager) + { + throw new NotFoundException(); + } + + if (!organization.SmServiceAccounts.HasValue || serviceAccountsToAdd == 0 || organization.SecretsManagerBeta) + { + return 0; + } + + var serviceAccountCount = await _serviceAccountRepository.GetServiceAccountCountByOrganizationIdAsync(organizationId); + var availableServiceAccountSlots = organization.SmServiceAccounts.Value - serviceAccountCount; + + if (availableServiceAccountSlots >= serviceAccountsToAdd) + { + return 0; + } + + return serviceAccountsToAdd - availableServiceAccountSlots; + } +} diff --git a/bitwarden_license/src/Commercial.Core/SecretsManager/SecretsManagerCollectionExtensions.cs b/bitwarden_license/src/Commercial.Core/SecretsManager/SecretsManagerCollectionExtensions.cs index 5858ef9b55..be9534cfc8 100644 --- a/bitwarden_license/src/Commercial.Core/SecretsManager/SecretsManagerCollectionExtensions.cs +++ b/bitwarden_license/src/Commercial.Core/SecretsManager/SecretsManagerCollectionExtensions.cs @@ -44,6 +44,7 @@ public static class SecretsManagerCollectionExtensions services.AddScoped(); services.AddScoped(); services.AddScoped(); + services.AddScoped(); services.AddScoped(); services.AddScoped(); services.AddScoped(); diff --git a/bitwarden_license/src/Commercial.Infrastructure.EntityFramework/SecretsManager/Repositories/ProjectRepository.cs b/bitwarden_license/src/Commercial.Infrastructure.EntityFramework/SecretsManager/Repositories/ProjectRepository.cs index a350a62e93..9fdbe42814 100644 --- a/bitwarden_license/src/Commercial.Infrastructure.EntityFramework/SecretsManager/Repositories/ProjectRepository.cs +++ b/bitwarden_license/src/Commercial.Infrastructure.EntityFramework/SecretsManager/Repositories/ProjectRepository.cs @@ -40,6 +40,16 @@ public class ProjectRepository : Repository GetProjectCountByOrganizationIdAsync(Guid organizationId) + { + using (var scope = ServiceScopeFactory.CreateScope()) + { + var dbContext = GetDatabaseContext(scope); + return await dbContext.Project + .CountAsync(ou => ou.OrganizationId == organizationId); + } + } + public async Task> GetManyByOrganizationIdWriteAccessAsync( Guid organizationId, Guid userId, AccessClientType accessType) { diff --git a/bitwarden_license/src/Commercial.Infrastructure.EntityFramework/SecretsManager/Repositories/SecretRepository.cs b/bitwarden_license/src/Commercial.Infrastructure.EntityFramework/SecretsManager/Repositories/SecretRepository.cs index 078147f3ab..9fa346fbc8 100644 --- a/bitwarden_license/src/Commercial.Infrastructure.EntityFramework/SecretsManager/Repositories/SecretRepository.cs +++ b/bitwarden_license/src/Commercial.Infrastructure.EntityFramework/SecretsManager/Repositories/SecretRepository.cs @@ -57,6 +57,16 @@ public class SecretRepository : Repository GetSecretsCountByOrganizationIdAsync(Guid organizationId) + { + using (var scope = ServiceScopeFactory.CreateScope()) + { + var dbContext = GetDatabaseContext(scope); + return await dbContext.Secret + .CountAsync(ou => ou.OrganizationId == organizationId && ou.DeletedDate == null); + } + } + public async Task> GetManyByOrganizationIdInTrashByIdsAsync(Guid organizationId, IEnumerable ids) { using (var scope = ServiceScopeFactory.CreateScope()) diff --git a/bitwarden_license/src/Scim/Startup.cs b/bitwarden_license/src/Scim/Startup.cs index 4ef46459c3..e70b6a2883 100644 --- a/bitwarden_license/src/Scim/Startup.cs +++ b/bitwarden_license/src/Scim/Startup.cs @@ -1,5 +1,7 @@ using System.Globalization; using Bit.Core.Context; +using Bit.Core.SecretsManager.Repositories; +using Bit.Core.SecretsManager.Repositories.Noop; using Bit.Core.Settings; using Bit.Core.Utilities; using Bit.Scim.Context; @@ -69,6 +71,10 @@ public class Startup services.TryAddSingleton(); + // TODO: Remove when OrganizationUser methods are moved out of OrganizationService, this noop dependency should + // TODO: no longer be required - see PM-1880 + services.AddScoped(); + // Mvc services.AddMvc(config => { diff --git a/bitwarden_license/src/Sso/Startup.cs b/bitwarden_license/src/Sso/Startup.cs index aeeaa7e6fd..635c91f441 100644 --- a/bitwarden_license/src/Sso/Startup.cs +++ b/bitwarden_license/src/Sso/Startup.cs @@ -1,5 +1,7 @@ using Bit.Core; using Bit.Core.Context; +using Bit.Core.SecretsManager.Repositories; +using Bit.Core.SecretsManager.Repositories.Noop; using Bit.Core.Settings; using Bit.Core.Utilities; using Bit.SharedWeb.Utilities; @@ -78,6 +80,10 @@ public class Startup services.AddBaseServices(globalSettings); services.AddDefaultServices(globalSettings); services.AddCoreLocalizationServices(); + + // TODO: Remove when OrganizationUser methods are moved out of OrganizationService, this noop dependency should + // TODO: no longer be required - see PM-1880 + services.AddScoped(); } public void Configure( diff --git a/bitwarden_license/test/Commercial.Core.Test/SecretsManager/Queries/ServiceAccounts/CountNewServiceAccountSlotsRequiredQueryTests.cs b/bitwarden_license/test/Commercial.Core.Test/SecretsManager/Queries/ServiceAccounts/CountNewServiceAccountSlotsRequiredQueryTests.cs new file mode 100644 index 0000000000..21c91920a9 --- /dev/null +++ b/bitwarden_license/test/Commercial.Core.Test/SecretsManager/Queries/ServiceAccounts/CountNewServiceAccountSlotsRequiredQueryTests.cs @@ -0,0 +1,125 @@ +using Bit.Commercial.Core.SecretsManager.Queries.ServiceAccounts; +using Bit.Core.Entities; +using Bit.Core.Exceptions; +using Bit.Core.Repositories; +using Bit.Core.SecretsManager.Repositories; +using Bit.Test.Common.AutoFixture; +using Bit.Test.Common.AutoFixture.Attributes; +using NSubstitute; +using Xunit; + +namespace Bit.Commercial.Core.Test.SecretsManager.Queries.ServiceAccounts; + +[SutProviderCustomize] +public class CountNewServiceAccountSlotsRequiredQueryTests +{ + [Theory] + [BitAutoData(2, 5, 2, 0)] + [BitAutoData(0, 5, 2, 0)] + [BitAutoData(6, 5, 2, 3)] + [BitAutoData(2, 5, 10, 7)] + public async Task CountNewServiceAccountSlotsRequiredAsync_ReturnsCorrectCount( + int serviceAccountsToAdd, + int organizationSmServiceAccounts, + int currentServiceAccounts, + int expectedNewServiceAccountsRequired, + Organization organization, + SutProvider sutProvider) + { + organization.UseSecretsManager = true; + organization.SmServiceAccounts = organizationSmServiceAccounts; + organization.SecretsManagerBeta = false; + + sutProvider.GetDependency() + .GetByIdAsync(organization.Id) + .Returns(organization); + + sutProvider.GetDependency() + .GetServiceAccountCountByOrganizationIdAsync(organization.Id) + .Returns(currentServiceAccounts); + + var result = await sutProvider.Sut.CountNewServiceAccountSlotsRequiredAsync(organization.Id, serviceAccountsToAdd); + + Assert.Equal(expectedNewServiceAccountsRequired, result); + + if (serviceAccountsToAdd > 0) + { + await sutProvider.GetDependency().Received(1) + .GetServiceAccountCountByOrganizationIdAsync(organization.Id); + } + } + + [Theory] + [BitAutoData(0)] + [BitAutoData(5)] + public async Task CountNewServiceAccountSlotsRequiredAsync_WithNullSmServiceAccounts_ReturnsZero( + int currentServiceAccounts, + int serviceAccountsToAdd, + Organization organization, + SutProvider sutProvider) + { + const int expectedRequiredServiceAccountsToScale = 0; + + organization.UseSecretsManager = true; + organization.SmServiceAccounts = null; + organization.SecretsManagerBeta = false; + + sutProvider.GetDependency() + .GetByIdAsync(organization.Id) + .Returns(organization); + + sutProvider.GetDependency() + .GetServiceAccountCountByOrganizationIdAsync(organization.Id) + .Returns(currentServiceAccounts); + + var result = await sutProvider.Sut.CountNewServiceAccountSlotsRequiredAsync(organization.Id, serviceAccountsToAdd); + + Assert.Equal(expectedRequiredServiceAccountsToScale, result); + + await sutProvider.GetDependency().DidNotReceiveWithAnyArgs() + .GetServiceAccountCountByOrganizationIdAsync(default); + } + + [Theory, BitAutoData] + public async Task CountNewServiceAccountSlotsRequiredAsync_WithSecretsManagerBeta_ReturnsZero( + int serviceAccountsToAdd, + Organization organization, + SutProvider sutProvider) + { + organization.UseSecretsManager = true; + organization.SecretsManagerBeta = true; + + sutProvider.GetDependency() + .GetByIdAsync(organization.Id) + .Returns(organization); + + var result = await sutProvider.Sut.CountNewServiceAccountSlotsRequiredAsync(organization.Id, serviceAccountsToAdd); + + Assert.Equal(0, result); + + await sutProvider.GetDependency().DidNotReceiveWithAnyArgs() + .GetServiceAccountCountByOrganizationIdAsync(default); + } + + [Theory, BitAutoData] + public async Task CountNewServiceAccountSlotsRequiredAsync_WithNonExistentOrganizationId_ThrowsNotFound( + Guid organizationId, int serviceAccountsToAdd, + SutProvider sutProvider) + { + await Assert.ThrowsAsync(async () => await sutProvider.Sut.CountNewServiceAccountSlotsRequiredAsync(organizationId, serviceAccountsToAdd)); + } + + [Theory, BitAutoData] + public async Task CountNewServiceAccountSlotsRequiredAsync_WithOrganizationUseSecretsManagerFalse_ThrowsNotFound( + Organization organization, int serviceAccountsToAdd, + SutProvider sutProvider) + { + organization.UseSecretsManager = false; + + sutProvider.GetDependency() + .GetByIdAsync(organization.Id) + .Returns(organization); + + await Assert.ThrowsAsync(async () => await sutProvider.Sut.CountNewServiceAccountSlotsRequiredAsync(organization.Id, serviceAccountsToAdd)); + } +} diff --git a/src/Admin/Admin.csproj b/src/Admin/Admin.csproj index 334f0e3d74..5557884b1d 100644 --- a/src/Admin/Admin.csproj +++ b/src/Admin/Admin.csproj @@ -3,7 +3,7 @@ bitwarden-Admin - + @@ -19,6 +19,7 @@ + diff --git a/src/Admin/Controllers/OrganizationsController.cs b/src/Admin/Controllers/OrganizationsController.cs index 8fc74435a3..2eb223716d 100644 --- a/src/Admin/Controllers/OrganizationsController.cs +++ b/src/Admin/Controllers/OrganizationsController.cs @@ -8,6 +8,7 @@ using Bit.Core.Enums; using Bit.Core.Models.OrganizationConnectionConfigs; using Bit.Core.OrganizationFeatures.OrganizationSponsorships.FamiliesForEnterprise.Interfaces; using Bit.Core.Repositories; +using Bit.Core.SecretsManager.Repositories; using Bit.Core.Services; using Bit.Core.Settings; using Bit.Core.Tools.Enums; @@ -42,6 +43,9 @@ public class OrganizationsController : Controller private readonly ILogger _logger; private readonly IAccessControlService _accessControlService; private readonly ICurrentContext _currentContext; + private readonly ISecretRepository _secretRepository; + private readonly IProjectRepository _projectRepository; + private readonly IServiceAccountRepository _serviceAccountRepository; public OrganizationsController( IOrganizationService organizationService, @@ -62,7 +66,10 @@ public class OrganizationsController : Controller IProviderRepository providerRepository, ILogger logger, IAccessControlService accessControlService, - ICurrentContext currentContext) + ICurrentContext currentContext, + ISecretRepository secretRepository, + IProjectRepository projectRepository, + IServiceAccountRepository serviceAccountRepository) { _organizationService = organizationService; _organizationRepository = organizationRepository; @@ -83,6 +90,9 @@ public class OrganizationsController : Controller _logger = logger; _accessControlService = accessControlService; _currentContext = currentContext; + _secretRepository = secretRepository; + _projectRepository = projectRepository; + _serviceAccountRepository = serviceAccountRepository; } [RequirePermission(Permission.Org_List_View)] @@ -137,7 +147,14 @@ public class OrganizationsController : Controller } var users = await _organizationUserRepository.GetManyDetailsByOrganizationAsync(id); var billingSyncConnection = _globalSettings.EnableCloudCommunication ? await _organizationConnectionRepository.GetByOrganizationIdTypeAsync(id, OrganizationConnectionType.CloudBillingSync) : null; - return View(new OrganizationViewModel(organization, provider, billingSyncConnection, users, ciphers, collections, groups, policies)); + var secrets = organization.UseSecretsManager ? await _secretRepository.GetSecretsCountByOrganizationIdAsync(id) : -1; + var projects = organization.UseSecretsManager ? await _projectRepository.GetProjectCountByOrganizationIdAsync(id) : -1; + var serviceAccounts = organization.UseSecretsManager ? await _serviceAccountRepository.GetServiceAccountCountByOrganizationIdAsync(id) : -1; + var smSeats = organization.UseSecretsManager + ? await _organizationUserRepository.GetOccupiedSmSeatCountByOrganizationIdAsync(organization.Id) + : -1; + return View(new OrganizationViewModel(organization, provider, billingSyncConnection, users, ciphers, collections, groups, policies, + secrets, projects, serviceAccounts, smSeats)); } [SelfHosted(NotSelfHostedOnly = true)] @@ -165,8 +182,14 @@ public class OrganizationsController : Controller var users = await _organizationUserRepository.GetManyDetailsByOrganizationAsync(id); var billingInfo = await _paymentService.GetBillingAsync(organization); var billingSyncConnection = _globalSettings.EnableCloudCommunication ? await _organizationConnectionRepository.GetByOrganizationIdTypeAsync(id, OrganizationConnectionType.CloudBillingSync) : null; + var secrets = organization.UseSecretsManager ? await _secretRepository.GetSecretsCountByOrganizationIdAsync(id) : -1; + var projects = organization.UseSecretsManager ? await _projectRepository.GetProjectCountByOrganizationIdAsync(id) : -1; + var serviceAccounts = organization.UseSecretsManager ? await _serviceAccountRepository.GetServiceAccountCountByOrganizationIdAsync(id) : -1; + var smSeats = organization.UseSecretsManager + ? await _organizationUserRepository.GetOccupiedSmSeatCountByOrganizationIdAsync(organization.Id) + : -1; return View(new OrganizationEditModel(organization, provider, users, ciphers, collections, groups, policies, - billingInfo, billingSyncConnection, _globalSettings)); + billingInfo, billingSyncConnection, _globalSettings, secrets, projects, serviceAccounts, smSeats)); } [HttpPost] diff --git a/src/Admin/Models/OrganizationEditModel.cs b/src/Admin/Models/OrganizationEditModel.cs index f69c0361d0..7481ff6779 100644 --- a/src/Admin/Models/OrganizationEditModel.cs +++ b/src/Admin/Models/OrganizationEditModel.cs @@ -28,8 +28,9 @@ public class OrganizationEditModel : OrganizationViewModel public OrganizationEditModel(Organization org, Provider provider, IEnumerable orgUsers, IEnumerable ciphers, IEnumerable collections, IEnumerable groups, IEnumerable policies, BillingInfo billingInfo, IEnumerable connections, - GlobalSettings globalSettings) - : base(org, provider, connections, orgUsers, ciphers, collections, groups, policies) + GlobalSettings globalSettings, int secrets, int projects, int serviceAccounts, int smSeats) + : base(org, provider, connections, orgUsers, ciphers, collections, groups, policies, secrets, projects, + serviceAccounts, smSeats) { BillingInfo = billingInfo; BraintreeMerchantId = globalSettings.Braintree.MerchantId; diff --git a/src/Admin/Models/OrganizationViewModel.cs b/src/Admin/Models/OrganizationViewModel.cs index 57edc49a7c..491ff9191b 100644 --- a/src/Admin/Models/OrganizationViewModel.cs +++ b/src/Admin/Models/OrganizationViewModel.cs @@ -12,7 +12,9 @@ public class OrganizationViewModel public OrganizationViewModel(Organization org, Provider provider, IEnumerable connections, IEnumerable orgUsers, IEnumerable ciphers, IEnumerable collections, - IEnumerable groups, IEnumerable policies) + IEnumerable groups, IEnumerable policies, int secretsCount, int projectCount, int serviceAccountsCount, + int smSeatsCount) + { Organization = org; Provider = provider; @@ -37,6 +39,10 @@ public class OrganizationViewModel orgUsers .Where(u => u.Type == OrganizationUserType.Admin && u.Status == organizationUserStatus) .Select(u => u.Email)); + Secrets = secretsCount; + Projects = projectCount; + ServiceAccounts = serviceAccountsCount; + SmSeats = smSeatsCount; } public Organization Organization { get; set; } @@ -53,4 +59,9 @@ public class OrganizationViewModel public int GroupCount { get; set; } public int PolicyCount { get; set; } public bool HasPublicPrivateKeys { get; set; } + public int Secrets { get; set; } + public int Projects { get; set; } + public int ServiceAccounts { get; set; } + public int SmSeats { get; set; } + public bool UseSecretsManager => Organization.UseSecretsManager; } diff --git a/src/Admin/Startup.cs b/src/Admin/Startup.cs index 9482be011a..a10cd4d2de 100644 --- a/src/Admin/Startup.cs +++ b/src/Admin/Startup.cs @@ -12,6 +12,7 @@ using Bit.Admin.Services; #if !OSS using Bit.Commercial.Core.Utilities; +using Bit.Commercial.Infrastructure.EntityFramework.SecretsManager; #endif namespace Bit.Admin; @@ -91,6 +92,7 @@ public class Startup services.AddOosServices(); #else services.AddCommercialCoreServices(); + services.AddSecretsManagerEfRepositories(); #endif // Mvc diff --git a/src/Admin/Views/Organizations/_ViewInformation.cshtml b/src/Admin/Views/Organizations/_ViewInformation.cshtml index 24e69d298b..df4513ccaa 100644 --- a/src/Admin/Views/Organizations/_ViewInformation.cshtml +++ b/src/Admin/Views/Organizations/_ViewInformation.cshtml @@ -32,6 +32,18 @@
Collections
@Model.CollectionCount
+
Secrets
+
@(Model.UseSecretsManager ? Model.Secrets: "N/A")
+ +
Projects
+
@(Model.UseSecretsManager ? Model.Projects: "N/A")
+ +
Service Accounts
+
@(Model.UseSecretsManager ? Model.ServiceAccounts: "N/A")
+ +
Secrets Manager Seats
+
@(Model.UseSecretsManager ? Model.SmSeats: "N/A" )
+
Groups
@Model.GroupCount
diff --git a/src/Admin/packages.lock.json b/src/Admin/packages.lock.json index 45b0a4eeae..d601fe600e 100644 --- a/src/Admin/packages.lock.json +++ b/src/Admin/packages.lock.json @@ -2821,7 +2821,15 @@ "commercial.core": { "type": "Project", "dependencies": { - "Core": "[2023.5.1, )" + "Core": "[2023.7.1, )" + } + }, + "commercial.infrastructure.entityframework": { + "type": "Project", + "dependencies": { + "AutoMapper.Extensions.Microsoft.DependencyInjection": "[12.0.1, )", + "Core": "[2023.7.1, )", + "Infrastructure.EntityFramework": "[2023.7.1, )" } }, "core": { @@ -2869,7 +2877,7 @@ "infrastructure.dapper": { "type": "Project", "dependencies": { - "Core": "[2023.5.1, )", + "Core": "[2023.7.1, )", "Dapper": "[2.0.123, )" } }, @@ -2877,7 +2885,7 @@ "type": "Project", "dependencies": { "AutoMapper.Extensions.Microsoft.DependencyInjection": "[12.0.1, )", - "Core": "[2023.5.1, )", + "Core": "[2023.7.1, )", "Microsoft.EntityFrameworkCore.Relational": "[7.0.5, )", "Microsoft.EntityFrameworkCore.SqlServer": "[7.0.5, )", "Microsoft.EntityFrameworkCore.Sqlite": "[7.0.5, )", @@ -2889,7 +2897,7 @@ "migrator": { "type": "Project", "dependencies": { - "Core": "[2023.5.1, )", + "Core": "[2023.7.1, )", "Microsoft.Extensions.Logging": "[6.0.0, )", "dbup-sqlserver": "[5.0.8, )" } @@ -2897,30 +2905,30 @@ "mysqlmigrations": { "type": "Project", "dependencies": { - "Core": "[2023.5.1, )", - "Infrastructure.EntityFramework": "[2023.5.1, )" + "Core": "[2023.7.1, )", + "Infrastructure.EntityFramework": "[2023.7.1, )" } }, "postgresmigrations": { "type": "Project", "dependencies": { - "Core": "[2023.5.1, )", - "Infrastructure.EntityFramework": "[2023.5.1, )" + "Core": "[2023.7.1, )", + "Infrastructure.EntityFramework": "[2023.7.1, )" } }, "sharedweb": { "type": "Project", "dependencies": { - "Core": "[2023.5.1, )", - "Infrastructure.Dapper": "[2023.5.1, )", - "Infrastructure.EntityFramework": "[2023.5.1, )" + "Core": "[2023.7.1, )", + "Infrastructure.Dapper": "[2023.7.1, )", + "Infrastructure.EntityFramework": "[2023.7.1, )" } }, "sqlitemigrations": { "type": "Project", "dependencies": { - "Core": "[2023.5.1, )", - "Infrastructure.EntityFramework": "[2023.5.1, )" + "Core": "[2023.7.1, )", + "Infrastructure.EntityFramework": "[2023.7.1, )" } } } diff --git a/src/Api/Controllers/OrganizationUsersController.cs b/src/Api/Controllers/OrganizationUsersController.cs index baaf9de6d5..7e09cb8df7 100644 --- a/src/Api/Controllers/OrganizationUsersController.cs +++ b/src/Api/Controllers/OrganizationUsersController.cs @@ -8,8 +8,9 @@ using Bit.Core.Exceptions; using Bit.Core.Models.Business; using Bit.Core.Models.Data.Organizations.OrganizationUsers; using Bit.Core.Models.Data.Organizations.Policies; +using Bit.Core.OrganizationFeatures.OrganizationSubscriptions.Interface; +using Bit.Core.OrganizationFeatures.OrganizationUsers.Interfaces; using Bit.Core.Repositories; -using Bit.Core.SecretsManager.Commands.EnableAccessSecretsManager.Interfaces; using Bit.Core.Services; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; @@ -20,7 +21,6 @@ namespace Bit.Api.Controllers; [Authorize("Application")] public class OrganizationUsersController : Controller { - private readonly IEnableAccessSecretsManagerCommand _enableAccessSecretsManagerCommand; private readonly IOrganizationRepository _organizationRepository; private readonly IOrganizationUserRepository _organizationUserRepository; private readonly IOrganizationService _organizationService; @@ -29,9 +29,10 @@ public class OrganizationUsersController : Controller private readonly IUserService _userService; private readonly IPolicyRepository _policyRepository; private readonly ICurrentContext _currentContext; + private readonly ICountNewSmSeatsRequiredQuery _countNewSmSeatsRequiredQuery; + private readonly IUpdateSecretsManagerSubscriptionCommand _updateSecretsManagerSubscriptionCommand; public OrganizationUsersController( - IEnableAccessSecretsManagerCommand enableAccessSecretsManagerCommand, IOrganizationRepository organizationRepository, IOrganizationUserRepository organizationUserRepository, IOrganizationService organizationService, @@ -39,9 +40,10 @@ public class OrganizationUsersController : Controller IGroupRepository groupRepository, IUserService userService, IPolicyRepository policyRepository, - ICurrentContext currentContext) + ICurrentContext currentContext, + ICountNewSmSeatsRequiredQuery countNewSmSeatsRequiredQuery, + IUpdateSecretsManagerSubscriptionCommand updateSecretsManagerSubscriptionCommand) { - _enableAccessSecretsManagerCommand = enableAccessSecretsManagerCommand; _organizationRepository = organizationRepository; _organizationUserRepository = organizationUserRepository; _organizationService = organizationService; @@ -50,6 +52,8 @@ public class OrganizationUsersController : Controller _userService = userService; _policyRepository = policyRepository; _currentContext = currentContext; + _countNewSmSeatsRequiredQuery = countNewSmSeatsRequiredQuery; + _updateSecretsManagerSubscriptionCommand = updateSecretsManagerSubscriptionCommand; } [HttpGet("{id}")] @@ -426,7 +430,7 @@ public class OrganizationUsersController : Controller [HttpPatch("enable-secrets-manager")] [HttpPut("enable-secrets-manager")] - public async Task> BulkEnableSecretsManagerAsync(Guid orgId, + public async Task BulkEnableSecretsManagerAsync(Guid orgId, [FromBody] OrganizationUserBulkRequestModel model) { if (!await _currentContext.ManageUsers(orgId)) @@ -435,16 +439,28 @@ public class OrganizationUsersController : Controller } var orgUsers = (await _organizationUserRepository.GetManyAsync(model.Ids)) - .Where(ou => ou.OrganizationId == orgId).ToList(); + .Where(ou => ou.OrganizationId == orgId && !ou.AccessSecretsManager).ToList(); if (orgUsers.Count == 0) { throw new BadRequestException("Users invalid."); } - var results = await _enableAccessSecretsManagerCommand.EnableUsersAsync(orgUsers); + var additionalSmSeatsRequired = await _countNewSmSeatsRequiredQuery.CountNewSmSeatsRequiredAsync(orgId, + orgUsers.Count); + if (additionalSmSeatsRequired > 0) + { + var organization = await _organizationRepository.GetByIdAsync(orgId); + var update = new SecretsManagerSubscriptionUpdate(organization, true); + update.AdjustSeats(additionalSmSeatsRequired); + await _updateSecretsManagerSubscriptionCommand.UpdateSubscriptionAsync(update); + } - return new ListResponseModel(results.Select(r => - new OrganizationUserBulkResponseModel(r.organizationUser.Id, r.error))); + foreach (var orgUser in orgUsers) + { + orgUser.AccessSecretsManager = true; + } + + await _organizationUserRepository.ReplaceManyAsync(orgUsers); } private async Task RestoreOrRevokeUserAsync( diff --git a/src/Api/Controllers/OrganizationsController.cs b/src/Api/Controllers/OrganizationsController.cs index 405e5f0e51..1d0e9d1487 100644 --- a/src/Api/Controllers/OrganizationsController.cs +++ b/src/Api/Controllers/OrganizationsController.cs @@ -53,6 +53,7 @@ public class OrganizationsController : Controller private readonly ILicensingService _licensingService; private readonly IUpdateSecretsManagerSubscriptionCommand _updateSecretsManagerSubscriptionCommand; private readonly IUpgradeOrganizationPlanCommand _upgradeOrganizationPlanCommand; + private readonly IAddSecretsManagerSubscriptionCommand _addSecretsManagerSubscriptionCommand; public OrganizationsController( IOrganizationRepository organizationRepository, @@ -75,7 +76,8 @@ public class OrganizationsController : Controller GlobalSettings globalSettings, ILicensingService licensingService, IUpdateSecretsManagerSubscriptionCommand updateSecretsManagerSubscriptionCommand, - IUpgradeOrganizationPlanCommand upgradeOrganizationPlanCommand) + IUpgradeOrganizationPlanCommand upgradeOrganizationPlanCommand, + IAddSecretsManagerSubscriptionCommand addSecretsManagerSubscriptionCommand) { _organizationRepository = organizationRepository; _organizationUserRepository = organizationUserRepository; @@ -98,6 +100,7 @@ public class OrganizationsController : Controller _licensingService = licensingService; _updateSecretsManagerSubscriptionCommand = updateSecretsManagerSubscriptionCommand; _upgradeOrganizationPlanCommand = upgradeOrganizationPlanCommand; + _addSecretsManagerSubscriptionCommand = addSecretsManagerSubscriptionCommand; } [HttpGet("{id}")] @@ -344,14 +347,33 @@ public class OrganizationsController : Controller throw new NotFoundException(); } - var secretsManagerPlan = StaticStore.GetSecretsManagerPlan(organization.PlanType); - if (secretsManagerPlan == null) + var organizationUpdate = model.ToSecretsManagerSubscriptionUpdate(organization); + await _updateSecretsManagerSubscriptionCommand.UpdateSubscriptionAsync(organizationUpdate); + } + + [HttpPost("{id}/subscribe-secrets-manager")] + [SelfHosted(NotSelfHostedOnly = true)] + public async Task PostSubscribeSecretsManagerAsync(Guid id, [FromBody] SecretsManagerSubscribeRequestModel model) + { + var organization = await _organizationRepository.GetByIdAsync(id); + if (organization == null) { - throw new NotFoundException("Invalid Secrets Manager plan."); + throw new NotFoundException(); } - var organizationUpdate = model.ToSecretsManagerSubscriptionUpdate(organization, secretsManagerPlan); - await _updateSecretsManagerSubscriptionCommand.UpdateSecretsManagerSubscription(organizationUpdate); + if (!await _currentContext.EditSubscription(id)) + { + throw new NotFoundException(); + } + + await _addSecretsManagerSubscriptionCommand.SignUpAsync(organization, model.AdditionalSmSeats, + model.AdditionalServiceAccounts); + + var userId = _userService.GetProperUserId(User).Value; + var organizationDetails = await _organizationUserRepository.GetDetailsByUserAsync(userId, organization.Id, + OrganizationUserStatusType.Confirmed); + + return new ProfileOrganizationResponseModel(organizationDetails); } [HttpPost("{id}/seat")] diff --git a/src/Api/Models/Request/Organizations/SecretsManagerSubscribeRequestModel.cs b/src/Api/Models/Request/Organizations/SecretsManagerSubscribeRequestModel.cs new file mode 100644 index 0000000000..5297e11c16 --- /dev/null +++ b/src/Api/Models/Request/Organizations/SecretsManagerSubscribeRequestModel.cs @@ -0,0 +1,14 @@ +using System.ComponentModel.DataAnnotations; + +namespace Bit.Api.Models.Request.Organizations; + +public class SecretsManagerSubscribeRequestModel +{ + [Required] + [Range(0, int.MaxValue)] + public int AdditionalSmSeats { get; set; } + + [Required] + [Range(0, int.MaxValue)] + public int AdditionalServiceAccounts { get; set; } +} diff --git a/src/Api/Models/Request/Organizations/SecretsManagerSubscriptionUpdateRequestModel.cs b/src/Api/Models/Request/Organizations/SecretsManagerSubscriptionUpdateRequestModel.cs index 31f071953a..a8adbe92e5 100644 --- a/src/Api/Models/Request/Organizations/SecretsManagerSubscriptionUpdateRequestModel.cs +++ b/src/Api/Models/Request/Organizations/SecretsManagerSubscriptionUpdateRequestModel.cs @@ -1,7 +1,6 @@ using System.ComponentModel.DataAnnotations; using Bit.Core.Entities; using Bit.Core.Models.Business; -using Bit.Core.Models.StaticStore; namespace Bit.Api.Models.Request.Organizations; @@ -13,32 +12,12 @@ public class SecretsManagerSubscriptionUpdateRequestModel public int ServiceAccountAdjustment { get; set; } public int? MaxAutoscaleServiceAccounts { get; set; } - public virtual SecretsManagerSubscriptionUpdate ToSecretsManagerSubscriptionUpdate(Organization organization, Plan plan) + public virtual SecretsManagerSubscriptionUpdate ToSecretsManagerSubscriptionUpdate(Organization organization) { - var newTotalSeats = organization.SmSeats.GetValueOrDefault() + SeatAdjustment; - var newTotalServiceAccounts = organization.SmServiceAccounts.GetValueOrDefault() + ServiceAccountAdjustment; - - var orgUpdate = new SecretsManagerSubscriptionUpdate - { - OrganizationId = organization.Id, - - SmSeatsAdjustment = SeatAdjustment, - SmSeats = newTotalSeats, - SmSeatsExcludingBase = newTotalSeats - plan.BaseSeats, - - MaxAutoscaleSmSeats = MaxAutoscaleSeats, - - SmServiceAccountsAdjustment = ServiceAccountAdjustment, - SmServiceAccounts = newTotalServiceAccounts, - SmServiceAccountsExcludingBase = newTotalServiceAccounts - plan.BaseServiceAccount.GetValueOrDefault(), - - MaxAutoscaleSmServiceAccounts = MaxAutoscaleServiceAccounts, - - MaxAutoscaleSmSeatsChanged = - MaxAutoscaleSeats.GetValueOrDefault() != organization.MaxAutoscaleSmSeats.GetValueOrDefault(), - MaxAutoscaleSmServiceAccountsChanged = - MaxAutoscaleServiceAccounts.GetValueOrDefault() != organization.MaxAutoscaleSmServiceAccounts.GetValueOrDefault() - }; + var orgUpdate = new SecretsManagerSubscriptionUpdate( + organization, + seatAdjustment: SeatAdjustment, maxAutoscaleSeats: MaxAutoscaleSeats, + serviceAccountAdjustment: ServiceAccountAdjustment, maxAutoscaleServiceAccounts: MaxAutoscaleServiceAccounts); return orgUpdate; } diff --git a/src/Api/Models/Response/Organizations/OrganizationResponseModel.cs b/src/Api/Models/Response/Organizations/OrganizationResponseModel.cs index fb196901b8..11f5a795a4 100644 --- a/src/Api/Models/Response/Organizations/OrganizationResponseModel.cs +++ b/src/Api/Models/Response/Organizations/OrganizationResponseModel.cs @@ -27,7 +27,11 @@ public class OrganizationResponseModel : ResponseModel BusinessTaxNumber = organization.BusinessTaxNumber; BillingEmail = organization.BillingEmail; Plan = new PlanResponseModel(StaticStore.PasswordManagerPlans.FirstOrDefault(plan => plan.Type == organization.PlanType)); - SecretsManagerPlan = new PlanResponseModel(StaticStore.SecretManagerPlans.FirstOrDefault(plan => plan.Type == organization.PlanType)); + var matchingPlan = StaticStore.GetSecretsManagerPlan(organization.PlanType); + if (matchingPlan != null) + { + SecretsManagerPlan = new PlanResponseModel(matchingPlan); + } PlanType = organization.PlanType; Seats = organization.Seats; MaxAutoscaleSeats = organization.MaxAutoscaleSeats; diff --git a/src/Api/SecretsManager/Controllers/ServiceAccountsController.cs b/src/Api/SecretsManager/Controllers/ServiceAccountsController.cs index 4a7993f0bc..0e2d59da27 100644 --- a/src/Api/SecretsManager/Controllers/ServiceAccountsController.cs +++ b/src/Api/SecretsManager/Controllers/ServiceAccountsController.cs @@ -4,6 +4,8 @@ using Bit.Api.SecretsManager.Models.Response; using Bit.Core.Context; using Bit.Core.Enums; using Bit.Core.Exceptions; +using Bit.Core.OrganizationFeatures.OrganizationSubscriptions.Interface; +using Bit.Core.Repositories; using Bit.Core.SecretsManager.AuthorizationRequirements; using Bit.Core.SecretsManager.Commands.AccessTokens.Interfaces; using Bit.Core.SecretsManager.Commands.ServiceAccounts.Interfaces; @@ -27,6 +29,9 @@ public class ServiceAccountsController : Controller private readonly IAuthorizationService _authorizationService; private readonly IServiceAccountRepository _serviceAccountRepository; private readonly IApiKeyRepository _apiKeyRepository; + private readonly IOrganizationRepository _organizationRepository; + private readonly ICountNewServiceAccountSlotsRequiredQuery _countNewServiceAccountSlotsRequiredQuery; + private readonly IUpdateSecretsManagerSubscriptionCommand _updateSecretsManagerSubscriptionCommand; private readonly IServiceAccountSecretsDetailsQuery _serviceAccountSecretsDetailsQuery; private readonly ICreateAccessTokenCommand _createAccessTokenCommand; private readonly ICreateServiceAccountCommand _createServiceAccountCommand; @@ -40,6 +45,9 @@ public class ServiceAccountsController : Controller IAuthorizationService authorizationService, IServiceAccountRepository serviceAccountRepository, IApiKeyRepository apiKeyRepository, + IOrganizationRepository organizationRepository, + ICountNewServiceAccountSlotsRequiredQuery countNewServiceAccountSlotsRequiredQuery, + IUpdateSecretsManagerSubscriptionCommand updateSecretsManagerSubscriptionCommand, IServiceAccountSecretsDetailsQuery serviceAccountSecretsDetailsQuery, ICreateAccessTokenCommand createAccessTokenCommand, ICreateServiceAccountCommand createServiceAccountCommand, @@ -52,12 +60,15 @@ public class ServiceAccountsController : Controller _authorizationService = authorizationService; _serviceAccountRepository = serviceAccountRepository; _apiKeyRepository = apiKeyRepository; + _organizationRepository = organizationRepository; + _countNewServiceAccountSlotsRequiredQuery = countNewServiceAccountSlotsRequiredQuery; _serviceAccountSecretsDetailsQuery = serviceAccountSecretsDetailsQuery; _createServiceAccountCommand = createServiceAccountCommand; _updateServiceAccountCommand = updateServiceAccountCommand; _deleteServiceAccountsCommand = deleteServiceAccountsCommand; _revokeAccessTokensCommand = revokeAccessTokensCommand; _createAccessTokenCommand = createAccessTokenCommand; + _updateSecretsManagerSubscriptionCommand = updateSecretsManagerSubscriptionCommand; } [HttpGet("/organizations/{organizationId}/service-accounts")] @@ -109,6 +120,15 @@ public class ServiceAccountsController : Controller throw new NotFoundException(); } + var newServiceAccountSlotsRequired = await _countNewServiceAccountSlotsRequiredQuery + .CountNewServiceAccountSlotsRequiredAsync(organizationId, 1); + if (newServiceAccountSlotsRequired > 0) + { + var org = await _organizationRepository.GetByIdAsync(organizationId); + await _updateSecretsManagerSubscriptionCommand.AdjustServiceAccountsAsync(org, + newServiceAccountSlotsRequired); + } + var userId = _userService.GetProperUserId(User).Value; var result = await _createServiceAccountCommand.CreateAsync(createRequest.ToServiceAccount(organizationId), userId); diff --git a/src/Billing/Startup.cs b/src/Billing/Startup.cs index caf2235698..d665677d62 100644 --- a/src/Billing/Startup.cs +++ b/src/Billing/Startup.cs @@ -1,5 +1,7 @@ using System.Globalization; using Bit.Core.Context; +using Bit.Core.SecretsManager.Repositories; +using Bit.Core.SecretsManager.Repositories.Noop; using Bit.Core.Settings; using Bit.Core.Utilities; using Bit.SharedWeb.Utilities; @@ -58,6 +60,10 @@ public class Startup services.TryAddSingleton(); + // TODO: Remove when OrganizationUser methods are moved out of OrganizationService, this noop dependency should + // TODO: no longer be required - see PM-1880 + services.AddScoped(); + // Mvc services.AddMvc(config => { diff --git a/src/Core/Models/Business/SecretsManagerSubscriptionUpdate.cs b/src/Core/Models/Business/SecretsManagerSubscriptionUpdate.cs index 051a7560df..a2e687a92e 100644 --- a/src/Core/Models/Business/SecretsManagerSubscriptionUpdate.cs +++ b/src/Core/Models/Business/SecretsManagerSubscriptionUpdate.cs @@ -1,24 +1,17 @@ -namespace Bit.Core.Models.Business; +using Bit.Core.Entities; +using Bit.Core.Exceptions; +using Bit.Core.Models.StaticStore; + +namespace Bit.Core.Models.Business; public class SecretsManagerSubscriptionUpdate { - public Guid OrganizationId { get; set; } - - /// - /// The seats to be added or removed from the organization - /// - public int SmSeatsAdjustment { get; set; } + public Organization Organization { get; set; } /// /// The total seats the organization will have after the update, including any base seats included in the plan /// - public int SmSeats { get; set; } - - /// - /// The seats the organization will have after the update, excluding the base seats included in the plan - /// Usually this is what the organization is billed for - /// - public int SmSeatsExcludingBase { get; set; } + public int? SmSeats { get; set; } /// /// The new autoscale limit for seats, expressed as a total (not an adjustment). @@ -26,22 +19,11 @@ public class SecretsManagerSubscriptionUpdate /// public int? MaxAutoscaleSmSeats { get; set; } - /// - /// The service accounts to be added or removed from the organization - /// - public int SmServiceAccountsAdjustment { get; set; } - /// /// The total service accounts the organization will have after the update, including the base service accounts /// included in the plan /// - public int SmServiceAccounts { get; set; } - - /// - /// The seats the organization will have after the update, excluding the base seats included in the plan - /// Usually this is what the organization is billed for - /// - public int SmServiceAccountsExcludingBase { get; set; } + public int? SmServiceAccounts { get; set; } /// /// The new autoscale limit for service accounts, expressed as a total (not an adjustment). @@ -49,8 +31,73 @@ public class SecretsManagerSubscriptionUpdate /// public int? MaxAutoscaleSmServiceAccounts { get; set; } - public bool SmSeatsChanged => SmSeatsAdjustment != 0; - public bool SmServiceAccountsChanged => SmServiceAccountsAdjustment != 0; - public bool MaxAutoscaleSmSeatsChanged { get; set; } - public bool MaxAutoscaleSmServiceAccountsChanged { get; set; } + /// + /// The proration date for the subscription update (optional) + /// + public DateTime? ProrationDate { get; set; } + + /// + /// Whether the subscription update is a result of autoscaling + /// + public bool Autoscaling { get; init; } + + /// + /// The seats the organization will have after the update, excluding the base seats included in the plan + /// Usually this is what the organization is billed for + /// + public int SmSeatsExcludingBase => SmSeats.HasValue ? SmSeats.Value - Plan.BaseSeats : 0; + /// + /// The seats the organization will have after the update, excluding the base seats included in the plan + /// Usually this is what the organization is billed for + /// + public int SmServiceAccountsExcludingBase => SmServiceAccounts.HasValue ? SmServiceAccounts.Value - Plan.BaseServiceAccount.GetValueOrDefault() : 0; + public bool SmSeatsChanged => SmSeats != Organization.SmSeats; + public bool SmServiceAccountsChanged => SmServiceAccounts != Organization.SmServiceAccounts; + public bool MaxAutoscaleSmSeatsChanged => MaxAutoscaleSmSeats != Organization.MaxAutoscaleSmSeats; + public bool MaxAutoscaleSmServiceAccountsChanged => + MaxAutoscaleSmServiceAccounts != Organization.MaxAutoscaleSmServiceAccounts; + public Plan Plan => Utilities.StaticStore.GetSecretsManagerPlan(Organization.PlanType); + + public SecretsManagerSubscriptionUpdate( + Organization organization, + int seatAdjustment, int? maxAutoscaleSeats, + int serviceAccountAdjustment, int? maxAutoscaleServiceAccounts) : this(organization, false) + { + AdjustSeats(seatAdjustment); + AdjustServiceAccounts(serviceAccountAdjustment); + + MaxAutoscaleSmSeats = maxAutoscaleSeats; + MaxAutoscaleSmServiceAccounts = maxAutoscaleServiceAccounts; + } + + public SecretsManagerSubscriptionUpdate(Organization organization, bool autoscaling) + { + if (organization == null) + { + throw new NotFoundException("Organization is not found."); + } + + Organization = organization; + + if (Plan == null) + { + throw new NotFoundException("Invalid Secrets Manager plan."); + } + + SmSeats = organization.SmSeats; + MaxAutoscaleSmSeats = organization.MaxAutoscaleSmSeats; + SmServiceAccounts = organization.SmServiceAccounts; + MaxAutoscaleSmServiceAccounts = organization.MaxAutoscaleSmServiceAccounts; + Autoscaling = autoscaling; + } + + public void AdjustSeats(int adjustment) + { + SmSeats = SmSeats.GetValueOrDefault() + adjustment; + } + + public void AdjustServiceAccounts(int adjustment) + { + SmServiceAccounts = SmServiceAccounts.GetValueOrDefault() + adjustment; + } } diff --git a/src/Core/Models/Business/SubscriptionUpdate.cs b/src/Core/Models/Business/SubscriptionUpdate.cs index 1a93bbfa3c..93122b3cf2 100644 --- a/src/Core/Models/Business/SubscriptionUpdate.cs +++ b/src/Core/Models/Business/SubscriptionUpdate.cs @@ -30,7 +30,6 @@ public abstract class SubscriptionUpdate planId == null ? null : subscription.Items?.Data?.FirstOrDefault(i => i.Plan.Id == planId); } - public class SeatSubscriptionUpdate : SubscriptionUpdate { private readonly int _previousSeats; @@ -262,3 +261,77 @@ public class SponsorOrganizationSubscriptionUpdate : SubscriptionUpdate SubscriptionItem(subscription, _existingPlanStripeId); } + +public class SecretsManagerSubscribeUpdate : SubscriptionUpdate +{ + private readonly StaticStore.Plan _plan; + private readonly long? _additionalSeats; + private readonly long? _additionalServiceAccounts; + private readonly int _previousSeats; + private readonly int _previousServiceAccounts; + protected override List PlanIds => new() { _plan.StripeSeatPlanId, _plan.StripeServiceAccountPlanId }; + public SecretsManagerSubscribeUpdate(Organization organization, StaticStore.Plan plan, long? additionalSeats, long? additionalServiceAccounts) + { + _plan = plan; + _additionalSeats = additionalSeats; + _additionalServiceAccounts = additionalServiceAccounts; + _previousSeats = organization.SmSeats.GetValueOrDefault(); + _previousServiceAccounts = organization.SmServiceAccounts.GetValueOrDefault(); + } + + public override List RevertItemsOptions(Subscription subscription) + { + var updatedItems = new List(); + + RemovePreviousSecretsManagerItems(updatedItems); + + return updatedItems; + } + + public override List UpgradeItemsOptions(Subscription subscription) + { + var updatedItems = new List(); + + AddNewSecretsManagerItems(updatedItems); + + return updatedItems; + } + + private void AddNewSecretsManagerItems(List updatedItems) + { + if (_additionalSeats > 0) + { + updatedItems.Add(new SubscriptionItemOptions + { + Price = _plan.StripeSeatPlanId, + Quantity = _additionalSeats + }); + } + + if (_additionalServiceAccounts > 0) + { + updatedItems.Add(new SubscriptionItemOptions + { + Price = _plan.StripeServiceAccountPlanId, + Quantity = _additionalServiceAccounts + }); + } + } + + private void RemovePreviousSecretsManagerItems(List updatedItems) + { + updatedItems.Add(new SubscriptionItemOptions + { + Price = _plan.StripeSeatPlanId, + Quantity = _previousSeats, + Deleted = _previousSeats == 0 ? true : (bool?)null, + }); + + updatedItems.Add(new SubscriptionItemOptions + { + Price = _plan.StripeServiceAccountPlanId, + Quantity = _previousServiceAccounts, + Deleted = _previousServiceAccounts == 0 ? true : (bool?)null, + }); + } +} diff --git a/src/Core/OrganizationFeatures/OrganizationServiceCollectionExtensions.cs b/src/Core/OrganizationFeatures/OrganizationServiceCollectionExtensions.cs index f302aef90b..a534ed5bea 100644 --- a/src/Core/OrganizationFeatures/OrganizationServiceCollectionExtensions.cs +++ b/src/Core/OrganizationFeatures/OrganizationServiceCollectionExtensions.cs @@ -17,8 +17,10 @@ using Bit.Core.OrganizationFeatures.OrganizationSponsorships.FamiliesForEnterpri using Bit.Core.OrganizationFeatures.OrganizationSponsorships.FamiliesForEnterprise.Cloud; using Bit.Core.OrganizationFeatures.OrganizationSponsorships.FamiliesForEnterprise.Interfaces; using Bit.Core.OrganizationFeatures.OrganizationSponsorships.FamiliesForEnterprise.SelfHosted; -using Bit.Core.SecretsManager.Commands.EnableAccessSecretsManager; -using Bit.Core.SecretsManager.Commands.EnableAccessSecretsManager.Interfaces; +using Bit.Core.OrganizationFeatures.OrganizationSubscriptions; +using Bit.Core.OrganizationFeatures.OrganizationSubscriptions.Interface; +using Bit.Core.OrganizationFeatures.OrganizationUsers; +using Bit.Core.OrganizationFeatures.OrganizationUsers.Interfaces; using Bit.Core.Services; using Bit.Core.Settings; using Bit.Core.Tokens; @@ -33,7 +35,6 @@ public static class OrganizationServiceCollectionExtensions public static void AddOrganizationServices(this IServiceCollection services, IGlobalSettings globalSettings) { services.AddScoped(); - services.AddScoped(); services.AddTokenizers(); services.AddOrganizationGroupCommands(); services.AddOrganizationConnectionCommands(); @@ -44,6 +45,8 @@ public static class OrganizationServiceCollectionExtensions services.AddOrganizationLicenseCommandsQueries(); services.AddOrganizationDomainCommandsQueries(); services.AddOrganizationAuthCommands(); + services.AddOrganizationUserCommandsQueries(); + services.AddBaseOrganizationSubscriptionCommandsQueries(); } private static void AddOrganizationConnectionCommands(this IServiceCollection services) @@ -118,6 +121,18 @@ public static class OrganizationServiceCollectionExtensions services.AddScoped(); } + private static void AddOrganizationUserCommandsQueries(this IServiceCollection services) + { + services.AddScoped(); + } + + // TODO: move to OrganizationSubscriptionServiceCollectionExtensions when OrganizationUser methods are moved out of + // TODO: OrganizationService - see PM-1880 + private static void AddBaseOrganizationSubscriptionCommandsQueries(this IServiceCollection services) + { + services.AddScoped(); + } + private static void AddTokenizers(this IServiceCollection services) { services.AddSingleton>(serviceProvider => diff --git a/src/Core/OrganizationFeatures/OrganizationSubscriptions/AddSecretsManagerSubscriptionCommand.cs b/src/Core/OrganizationFeatures/OrganizationSubscriptions/AddSecretsManagerSubscriptionCommand.cs new file mode 100644 index 0000000000..6b514089e1 --- /dev/null +++ b/src/Core/OrganizationFeatures/OrganizationSubscriptions/AddSecretsManagerSubscriptionCommand.cs @@ -0,0 +1,76 @@ +using Bit.Core.Entities; +using Bit.Core.Enums; +using Bit.Core.Exceptions; +using Bit.Core.Models.Business; +using Bit.Core.OrganizationFeatures.OrganizationSubscriptions.Interface; +using Bit.Core.Services; +using Bit.Core.Utilities; + +namespace Bit.Core.OrganizationFeatures.OrganizationSubscriptions; + +public class AddSecretsManagerSubscriptionCommand : IAddSecretsManagerSubscriptionCommand +{ + private readonly IPaymentService _paymentService; + private readonly IOrganizationService _organizationService; + public AddSecretsManagerSubscriptionCommand( + IPaymentService paymentService, + IOrganizationService organizationService) + { + _paymentService = paymentService; + _organizationService = organizationService; + } + public async Task SignUpAsync(Organization organization, int additionalSmSeats, + int additionalServiceAccounts) + { + ValidateOrganization(organization); + + var plan = StaticStore.GetSecretsManagerPlan(organization.PlanType); + var signup = SetOrganizationUpgrade(organization, additionalSmSeats, additionalServiceAccounts); + _organizationService.ValidateSecretsManagerPlan(plan, signup); + + if (plan.Product != ProductType.Free) + { + await _paymentService.AddSecretsManagerToSubscription(organization, plan, additionalSmSeats, additionalServiceAccounts); + } + + organization.SmSeats = plan.BaseSeats + additionalSmSeats; + organization.SmServiceAccounts = plan.BaseServiceAccount.GetValueOrDefault() + additionalServiceAccounts; + organization.UseSecretsManager = true; + + await _organizationService.ReplaceAndUpdateCacheAsync(organization); + + // TODO: call ReferenceEventService - see AC-1481 + } + + private static OrganizationUpgrade SetOrganizationUpgrade(Organization organization, int additionalSeats, + int additionalServiceAccounts) + { + var signup = new OrganizationUpgrade + { + UseSecretsManager = true, + AdditionalSmSeats = additionalSeats, + AdditionalServiceAccounts = additionalServiceAccounts, + AdditionalSeats = organization.Seats.GetValueOrDefault() + }; + return signup; + } + + private static void ValidateOrganization(Organization organization) + { + if (organization == null) + { + throw new NotFoundException(); + } + + var plan = StaticStore.GetSecretsManagerPlan(organization.PlanType); + if (string.IsNullOrWhiteSpace(organization.GatewayCustomerId) && plan.Product != ProductType.Free) + { + throw new BadRequestException("No payment method found."); + } + + if (string.IsNullOrWhiteSpace(organization.GatewaySubscriptionId) && plan.Product != ProductType.Free) + { + throw new BadRequestException("No subscription found."); + } + } +} diff --git a/src/Core/OrganizationFeatures/OrganizationSubscriptions/Interface/IAddSecretsManagerSubscriptionCommand.cs b/src/Core/OrganizationFeatures/OrganizationSubscriptions/Interface/IAddSecretsManagerSubscriptionCommand.cs new file mode 100644 index 0000000000..79adc740a5 --- /dev/null +++ b/src/Core/OrganizationFeatures/OrganizationSubscriptions/Interface/IAddSecretsManagerSubscriptionCommand.cs @@ -0,0 +1,11 @@ +using Bit.Core.Entities; + +namespace Bit.Core.OrganizationFeatures.OrganizationSubscriptions.Interface; + +/// +/// This is only for adding SM to an existing organization +/// +public interface IAddSecretsManagerSubscriptionCommand +{ + Task SignUpAsync(Organization organization, int additionalSmSeats, int additionalServiceAccounts); +} diff --git a/src/Core/OrganizationFeatures/OrganizationSubscriptions/Interface/IUpdateSecretsManagerSubscriptionCommand.cs b/src/Core/OrganizationFeatures/OrganizationSubscriptions/Interface/IUpdateSecretsManagerSubscriptionCommand.cs index 78244d8e3d..38126d17c6 100644 --- a/src/Core/OrganizationFeatures/OrganizationSubscriptions/Interface/IUpdateSecretsManagerSubscriptionCommand.cs +++ b/src/Core/OrganizationFeatures/OrganizationSubscriptions/Interface/IUpdateSecretsManagerSubscriptionCommand.cs @@ -1,8 +1,11 @@ -using Bit.Core.Models.Business; +using Bit.Core.Entities; +using Bit.Core.Models.Business; namespace Bit.Core.OrganizationFeatures.OrganizationSubscriptions.Interface; public interface IUpdateSecretsManagerSubscriptionCommand { - Task UpdateSecretsManagerSubscription(SecretsManagerSubscriptionUpdate update); + Task UpdateSubscriptionAsync(SecretsManagerSubscriptionUpdate update); + Task AdjustServiceAccountsAsync(Organization organization, int smServiceAccountsAdjustment); + Task ValidateUpdate(SecretsManagerSubscriptionUpdate update); } diff --git a/src/Core/OrganizationFeatures/OrganizationSubscriptions/OrganizationSubscriptionServiceCollectionExtensions.cs b/src/Core/OrganizationFeatures/OrganizationSubscriptions/OrganizationSubscriptionServiceCollectionExtensions.cs index 1b8d67211b..2e65fd0563 100644 --- a/src/Core/OrganizationFeatures/OrganizationSubscriptions/OrganizationSubscriptionServiceCollectionExtensions.cs +++ b/src/Core/OrganizationFeatures/OrganizationSubscriptions/OrganizationSubscriptionServiceCollectionExtensions.cs @@ -7,7 +7,7 @@ public static class OrganizationSubscriptionServiceCollectionExtensions { public static void AddOrganizationSubscriptionServices(this IServiceCollection services) { - services.AddScoped(); services.AddScoped(); + services.AddScoped(); } } diff --git a/src/Core/OrganizationFeatures/OrganizationSubscriptions/UpdateSecretsManagerSubscriptionCommand.cs b/src/Core/OrganizationFeatures/OrganizationSubscriptions/UpdateSecretsManagerSubscriptionCommand.cs index 87db6c83d8..ec4b482e4b 100644 --- a/src/Core/OrganizationFeatures/OrganizationSubscriptions/UpdateSecretsManagerSubscriptionCommand.cs +++ b/src/Core/OrganizationFeatures/OrganizationSubscriptions/UpdateSecretsManagerSubscriptionCommand.cs @@ -1,5 +1,4 @@ -#nullable enable -using Bit.Core.Entities; +using Bit.Core.Entities; using Bit.Core.Enums; using Bit.Core.Exceptions; using Bit.Core.Models.Business; @@ -8,6 +7,7 @@ using Bit.Core.OrganizationFeatures.OrganizationSubscriptions.Interface; using Bit.Core.Repositories; using Bit.Core.SecretsManager.Repositories; using Bit.Core.Services; +using Bit.Core.Settings; using Bit.Core.Utilities; using Microsoft.Extensions.Logging; @@ -15,86 +15,57 @@ namespace Bit.Core.OrganizationFeatures.OrganizationSubscriptions; public class UpdateSecretsManagerSubscriptionCommand : IUpdateSecretsManagerSubscriptionCommand { - private readonly IOrganizationRepository _organizationRepository; private readonly IOrganizationUserRepository _organizationUserRepository; private readonly IPaymentService _paymentService; - private readonly IOrganizationService _organizationService; private readonly IMailService _mailService; private readonly ILogger _logger; private readonly IServiceAccountRepository _serviceAccountRepository; + private readonly IGlobalSettings _globalSettings; + private readonly IOrganizationRepository _organizationRepository; + private readonly IApplicationCacheService _applicationCacheService; + private readonly IEventService _eventService; public UpdateSecretsManagerSubscriptionCommand( - IOrganizationRepository organizationRepository, - IOrganizationService organizationService, IOrganizationUserRepository organizationUserRepository, IPaymentService paymentService, IMailService mailService, ILogger logger, - IServiceAccountRepository serviceAccountRepository) + IServiceAccountRepository serviceAccountRepository, + IGlobalSettings globalSettings, + IOrganizationRepository organizationRepository, + IApplicationCacheService applicationCacheService, + IEventService eventService) { - _organizationRepository = organizationRepository; _organizationUserRepository = organizationUserRepository; _paymentService = paymentService; - _organizationService = organizationService; _mailService = mailService; _logger = logger; _serviceAccountRepository = serviceAccountRepository; + _globalSettings = globalSettings; + _organizationRepository = organizationRepository; + _applicationCacheService = applicationCacheService; + _eventService = eventService; } - public async Task UpdateSecretsManagerSubscription(SecretsManagerSubscriptionUpdate update) + public async Task UpdateSubscriptionAsync(SecretsManagerSubscriptionUpdate update) { - var organization = await _organizationRepository.GetByIdAsync(update.OrganizationId); + await ValidateUpdate(update); - ValidateOrganization(organization); + await FinalizeSubscriptionAdjustmentAsync(update.Organization, update.Plan, update); - var plan = GetPlanForOrganization(organization); - - if (update.SmSeatsChanged) - { - await ValidateSmSeatsUpdateAsync(organization, update, plan); - } - - if (update.SmServiceAccountsChanged) - { - await ValidateSmServiceAccountsUpdateAsync(organization, update, plan); - } - - if (update.MaxAutoscaleSmSeatsChanged) - { - ValidateMaxAutoscaleSmSeatsUpdateAsync(organization, update.MaxAutoscaleSmSeats, plan); - } - - if (update.MaxAutoscaleSmServiceAccountsChanged) - { - ValidateMaxAutoscaleSmServiceAccountUpdate(organization, update.MaxAutoscaleSmServiceAccounts, plan); - } - - await FinalizeSubscriptionAdjustmentAsync(organization, plan, update); - - await SendEmailIfAutoscaleLimitReached(organization); + await SendEmailIfAutoscaleLimitReached(update.Organization); } - private Plan GetPlanForOrganization(Organization organization) + public async Task AdjustServiceAccountsAsync(Organization organization, int smServiceAccountsAdjustment) { - var plan = StaticStore.SecretManagerPlans.FirstOrDefault(p => p.Type == organization.PlanType); - if (plan == null) + var update = new SecretsManagerSubscriptionUpdate( + organization, seatAdjustment: 0, maxAutoscaleSeats: organization?.MaxAutoscaleSmSeats, + serviceAccountAdjustment: smServiceAccountsAdjustment, maxAutoscaleServiceAccounts: organization?.MaxAutoscaleSmServiceAccounts) { - throw new BadRequestException("Existing plan not found."); - } - return plan; - } + Autoscaling = true + }; - private static void ValidateOrganization(Organization organization) - { - if (organization == null) - { - throw new NotFoundException("Organization is not found"); - } - - if (!organization.UseSecretsManager) - { - throw new BadRequestException("Organization has no access to Secrets Manager."); - } + await UpdateSubscriptionAsync(update); } private async Task FinalizeSubscriptionAdjustmentAsync(Organization organization, @@ -122,13 +93,13 @@ public class UpdateSecretsManagerSubscriptionCommand : IUpdateSecretsManagerSubs organization.MaxAutoscaleSmServiceAccounts = update.MaxAutoscaleSmServiceAccounts; } - await _organizationService.ReplaceAndUpdateCacheAsync(organization); + await ReplaceAndUpdateCacheAsync(organization); } private async Task ProcessChargesAndRaiseEventsForAdjustSeatsAsync(Organization organization, Plan plan, SecretsManagerSubscriptionUpdate update) { - await _paymentService.AdjustSeatsAsync(organization, plan, update.SmSeatsExcludingBase); + await _paymentService.AdjustSeatsAsync(organization, plan, update.SmSeatsExcludingBase, update.ProrationDate); // TODO: call ReferenceEventService - see AC-1481 } @@ -137,7 +108,7 @@ public class UpdateSecretsManagerSubscriptionCommand : IUpdateSecretsManagerSubs SecretsManagerSubscriptionUpdate update) { await _paymentService.AdjustServiceAccountsAsync(organization, plan, - update.SmServiceAccountsExcludingBase); + update.SmServiceAccountsExcludingBase, update.ProrationDate); // TODO: call ReferenceEventService - see AC-1481 } @@ -170,7 +141,6 @@ public class UpdateSecretsManagerSubscriptionCommand : IUpdateSecretsManagerSubs { _logger.LogError(e, $"Error encountered notifying organization owners of Seats limit reached."); } - } private async Task SendServiceAccountLimitEmailAsync(Organization organization, int MaxAutoscaleValue) @@ -191,16 +161,59 @@ public class UpdateSecretsManagerSubscriptionCommand : IUpdateSecretsManagerSubs } - private async Task ValidateSmSeatsUpdateAsync(Organization organization, SecretsManagerSubscriptionUpdate update, Plan plan) + public async Task ValidateUpdate(SecretsManagerSubscriptionUpdate update) { - if (organization.SmSeats == null) + if (_globalSettings.SelfHosted) { - throw new BadRequestException("Organization has no Secrets Manager seat limit, no need to adjust seats"); + var message = update.Autoscaling + ? "Cannot autoscale on a self-hosted instance." + : "Cannot update subscription on a self-hosted instance."; + throw new BadRequestException(message); } - if (update.MaxAutoscaleSmSeats.HasValue && update.SmSeats > update.MaxAutoscaleSmSeats.Value) + var organization = update.Organization; + ValidateOrganization(organization); + + var plan = GetPlanForOrganization(organization); + + if (update.SmSeatsChanged) { - throw new BadRequestException("Cannot set max seat autoscaling below seat count."); + await ValidateSmSeatsUpdateAsync(organization, update, plan); + } + + if (update.SmServiceAccountsChanged) + { + await ValidateSmServiceAccountsUpdateAsync(organization, update, plan); + } + + if (update.MaxAutoscaleSmSeatsChanged) + { + ValidateMaxAutoscaleSmSeatsUpdateAsync(organization, update.MaxAutoscaleSmSeats, plan); + } + + if (update.MaxAutoscaleSmServiceAccountsChanged) + { + ValidateMaxAutoscaleSmServiceAccountUpdate(organization, update.MaxAutoscaleSmServiceAccounts, plan); + } + } + + private void ValidateOrganization(Organization organization) + { + if (organization == null) + { + throw new NotFoundException("Organization is not found."); + } + + if (!organization.UseSecretsManager) + { + throw new BadRequestException("Organization has no access to Secrets Manager."); + } + + var plan = GetPlanForOrganization(organization); + if (plan.Product == ProductType.Free) + { + // No need to check the organization is set up with Stripe + return; } if (string.IsNullOrWhiteSpace(organization.GatewayCustomerId)) @@ -212,32 +225,65 @@ public class UpdateSecretsManagerSubscriptionCommand : IUpdateSecretsManagerSubs { throw new BadRequestException("No subscription found."); } + } - if (!plan.HasAdditionalSeatsOption) + private Plan GetPlanForOrganization(Organization organization) + { + var plan = StaticStore.SecretManagerPlans.FirstOrDefault(p => p.Type == organization.PlanType); + if (plan == null) { - throw new BadRequestException("Plan does not allow additional Secrets Manager seats."); + throw new BadRequestException("Existing plan not found."); + } + return plan; + } + + private async Task ValidateSmSeatsUpdateAsync(Organization organization, SecretsManagerSubscriptionUpdate update, Plan plan) + { + // Check if the organization has unlimited seats + if (organization.SmSeats == null) + { + throw new BadRequestException("Organization has no Secrets Manager seat limit, no need to adjust seats"); } - if (plan.BaseSeats > update.SmSeats) + if (update.Autoscaling && update.SmSeats.Value < organization.SmSeats.Value) + { + throw new BadRequestException("Cannot use autoscaling to subtract seats."); + } + + // Check plan maximum seats + if (!plan.HasAdditionalSeatsOption || + (plan.MaxAdditionalSeats.HasValue && update.SmSeatsExcludingBase > plan.MaxAdditionalSeats.Value)) + { + var planMaxSeats = plan.BaseSeats + plan.MaxAdditionalSeats.GetValueOrDefault(); + throw new BadRequestException($"You have reached the maximum number of Secrets Manager seats ({planMaxSeats}) for this plan."); + } + + // Check autoscale maximum seats + if (update.MaxAutoscaleSmSeats.HasValue && update.SmSeats.Value > update.MaxAutoscaleSmSeats.Value) + { + var message = update.Autoscaling + ? "Secrets Manager seat limit has been reached." + : "Cannot set max seat autoscaling below seat count."; + throw new BadRequestException(message); + } + + // Check minimum seats included with plan + if (plan.BaseSeats > update.SmSeats.Value) { throw new BadRequestException($"Plan has a minimum of {plan.BaseSeats} Secrets Manager seats."); } - if (update.SmSeats <= 0) + // Check minimum seats required by business logic + if (update.SmSeats.Value <= 0) { throw new BadRequestException("You must have at least 1 Secrets Manager seat."); } - if (plan.MaxAdditionalSeats.HasValue && update.SmSeatsExcludingBase > plan.MaxAdditionalSeats.Value) - { - throw new BadRequestException($"Organization plan allows a maximum of " + - $"{plan.MaxAdditionalSeats.Value} additional Secrets Manager seats."); - } - - if (organization.SmSeats.Value > update.SmSeats) + // Check minimum seats currently in use by the organization + if (organization.SmSeats.Value > update.SmSeats.Value) { var currentSeats = await _organizationUserRepository.GetOccupiedSmSeatCountByOrganizationIdAsync(organization.Id); - if (currentSeats > update.SmSeats) + if (currentSeats > update.SmSeats.Value) { throw new BadRequestException($"Your organization currently has {currentSeats} Secrets Manager seats. " + $"Your plan only allows {update.SmSeats} Secrets Manager seats. Remove some Secrets Manager users."); @@ -247,48 +293,50 @@ public class UpdateSecretsManagerSubscriptionCommand : IUpdateSecretsManagerSubs private async Task ValidateSmServiceAccountsUpdateAsync(Organization organization, SecretsManagerSubscriptionUpdate update, Plan plan) { + // Check if the organization has unlimited service accounts if (organization.SmServiceAccounts == null) { throw new BadRequestException("Organization has no Service Accounts limit, no need to adjust Service Accounts"); } - if (update.MaxAutoscaleSmServiceAccounts.HasValue && update.SmServiceAccounts > update.MaxAutoscaleSmServiceAccounts.Value) + if (update.Autoscaling && update.SmServiceAccounts.Value < organization.SmServiceAccounts.Value) { - throw new BadRequestException("Cannot set max Service Accounts autoscaling below Service Accounts count."); + throw new BadRequestException("Cannot use autoscaling to subtract service accounts."); } - if (string.IsNullOrWhiteSpace(organization.GatewayCustomerId)) + // Check plan maximum service accounts + if (!plan.HasAdditionalServiceAccountOption || + (plan.MaxAdditionalServiceAccount.HasValue && update.SmServiceAccountsExcludingBase > plan.MaxAdditionalServiceAccount.Value)) { - throw new BadRequestException("No payment method found."); + var planMaxServiceAccounts = plan.BaseServiceAccount.GetValueOrDefault() + + plan.MaxAdditionalServiceAccount.GetValueOrDefault(); + throw new BadRequestException($"You have reached the maximum number of service accounts ({planMaxServiceAccounts}) for this plan."); } - if (string.IsNullOrWhiteSpace(organization.GatewaySubscriptionId)) + // Check autoscale maximum service accounts + if (update.MaxAutoscaleSmServiceAccounts.HasValue && + update.SmServiceAccounts.Value > update.MaxAutoscaleSmServiceAccounts.Value) { - throw new BadRequestException("No subscription found."); + var message = update.Autoscaling + ? "Secrets Manager service account limit has been reached." + : "Cannot set max service accounts autoscaling below service account amount."; + throw new BadRequestException(message); } - if (!plan.HasAdditionalServiceAccountOption) - { - throw new BadRequestException("Plan does not allow additional Service Accounts."); - } - - if (plan.BaseServiceAccount > update.SmServiceAccounts) + // Check minimum service accounts included with plan + if (plan.BaseServiceAccount.HasValue && plan.BaseServiceAccount.Value > update.SmServiceAccounts.Value) { throw new BadRequestException($"Plan has a minimum of {plan.BaseServiceAccount} Service Accounts."); } - if (update.SmServiceAccounts <= 0) + // Check minimum service accounts required by business logic + if (update.SmServiceAccounts.Value <= 0) { throw new BadRequestException("You must have at least 1 Service Account."); } - if (plan.MaxAdditionalServiceAccount.HasValue && update.SmServiceAccountsExcludingBase > plan.MaxAdditionalServiceAccount.Value) - { - throw new BadRequestException($"Organization plan allows a maximum of " + - $"{plan.MaxAdditionalServiceAccount.Value} additional Service Accounts."); - } - - if (!organization.SmServiceAccounts.HasValue || organization.SmServiceAccounts.Value > update.SmServiceAccounts) + // Check minimum service accounts currently in use by the organization + if (!organization.SmServiceAccounts.HasValue || organization.SmServiceAccounts.Value > update.SmServiceAccounts.Value) { var currentServiceAccounts = await _serviceAccountRepository.GetServiceAccountCountByOrganizationIdAsync(organization.Id); if (currentServiceAccounts > update.SmServiceAccounts) @@ -353,4 +401,17 @@ public class UpdateSecretsManagerSubscriptionCommand : IUpdateSecretsManagerSubs "Reduce your max autoscale count.")); } } + + // TODO: This is a temporary duplication of OrganizationService.ReplaceAndUpdateCache to avoid a circular dependency. + // TODO: This should no longer be necessary when user-related methods are extracted from OrganizationService: see PM-1880 + private async Task ReplaceAndUpdateCacheAsync(Organization org, EventType? orgEvent = null) + { + await _organizationRepository.ReplaceAsync(org); + await _applicationCacheService.UpsertOrganizationAbilityAsync(org); + + if (orgEvent.HasValue) + { + await _eventService.LogOrganizationEventAsync(org, orgEvent.Value); + } + } } diff --git a/src/Core/OrganizationFeatures/OrganizationSubscriptions/UpgradeOrganizationPlanCommand.cs b/src/Core/OrganizationFeatures/OrganizationSubscriptions/UpgradeOrganizationPlanCommand.cs index ee0d0bbc2a..dec05ac9e9 100644 --- a/src/Core/OrganizationFeatures/OrganizationSubscriptions/UpgradeOrganizationPlanCommand.cs +++ b/src/Core/OrganizationFeatures/OrganizationSubscriptions/UpgradeOrganizationPlanCommand.cs @@ -267,10 +267,15 @@ public class UpgradeOrganizationPlanCommand : IUpgradeOrganizationPlanCommand organization.PublicKey = upgrade.PublicKey; organization.PrivateKey = upgrade.PrivateKey; organization.UsePasswordManager = true; - organization.SmSeats = (short)(newSecretsManagerPlan.BaseSeats + upgrade.AdditionalSmSeats.GetValueOrDefault()); - organization.SmServiceAccounts = newSecretsManagerPlan.BaseServiceAccount + upgrade.AdditionalServiceAccounts.GetValueOrDefault(); organization.UseSecretsManager = upgrade.UseSecretsManager; + if (upgrade.UseSecretsManager) + { + organization.SmSeats = newSecretsManagerPlan.BaseSeats + upgrade.AdditionalSmSeats.GetValueOrDefault(); + organization.SmServiceAccounts = newSecretsManagerPlan.BaseServiceAccount.GetValueOrDefault() + + upgrade.AdditionalServiceAccounts.GetValueOrDefault(); + } + await _organizationService.ReplaceAndUpdateCacheAsync(organization); if (success) diff --git a/src/Core/OrganizationFeatures/OrganizationUsers/CountNewSmSeatsRequiredQuery.cs b/src/Core/OrganizationFeatures/OrganizationUsers/CountNewSmSeatsRequiredQuery.cs new file mode 100644 index 0000000000..24bef3dc7e --- /dev/null +++ b/src/Core/OrganizationFeatures/OrganizationUsers/CountNewSmSeatsRequiredQuery.cs @@ -0,0 +1,54 @@ +using Bit.Core.Exceptions; +using Bit.Core.OrganizationFeatures.OrganizationUsers.Interfaces; +using Bit.Core.Repositories; + +namespace Bit.Core.OrganizationFeatures.OrganizationUsers; + +public class CountNewSmSeatsRequiredQuery : ICountNewSmSeatsRequiredQuery +{ + private readonly IOrganizationUserRepository _organizationUserRepository; + private readonly IOrganizationRepository _organizationRepository; + + public CountNewSmSeatsRequiredQuery(IOrganizationUserRepository organizationUserRepository, + IOrganizationRepository organizationRepository) + { + _organizationUserRepository = organizationUserRepository; + _organizationRepository = organizationRepository; + } + + public async Task CountNewSmSeatsRequiredAsync(Guid organizationId, int usersToAdd) + { + if (usersToAdd == 0) + { + return 0; + } + + var organization = await _organizationRepository.GetByIdAsync(organizationId); + if (organization == null) + { + throw new NotFoundException(); + } + + if (!organization.UseSecretsManager) + { + throw new BadRequestException("Organization does not use Secrets Manager"); + } + + if (!organization.SmSeats.HasValue || organization.SecretsManagerBeta) + { + return 0; + } + + var occupiedSmSeats = + await _organizationUserRepository.GetOccupiedSmSeatCountByOrganizationIdAsync(organization.Id); + + var availableSmSeats = organization.SmSeats.Value - occupiedSmSeats; + + if (availableSmSeats >= usersToAdd) + { + return 0; + } + + return usersToAdd - availableSmSeats; + } +} diff --git a/src/Core/OrganizationFeatures/OrganizationUsers/Interfaces/ICountNewSmSeatsRequiredQuery.cs b/src/Core/OrganizationFeatures/OrganizationUsers/Interfaces/ICountNewSmSeatsRequiredQuery.cs new file mode 100644 index 0000000000..851aef73a2 --- /dev/null +++ b/src/Core/OrganizationFeatures/OrganizationUsers/Interfaces/ICountNewSmSeatsRequiredQuery.cs @@ -0,0 +1,6 @@ +namespace Bit.Core.OrganizationFeatures.OrganizationUsers.Interfaces; + +public interface ICountNewSmSeatsRequiredQuery +{ + public Task CountNewSmSeatsRequiredAsync(Guid organizationId, int usersToAdd); +} diff --git a/src/Core/SecretsManager/Commands/EnableAccessSecretsManager/EnableAccessSecretsManagerCommand.cs b/src/Core/SecretsManager/Commands/EnableAccessSecretsManager/EnableAccessSecretsManagerCommand.cs deleted file mode 100644 index fb172fbd16..0000000000 --- a/src/Core/SecretsManager/Commands/EnableAccessSecretsManager/EnableAccessSecretsManagerCommand.cs +++ /dev/null @@ -1,43 +0,0 @@ -using Bit.Core.Entities; -using Bit.Core.Repositories; -using Bit.Core.SecretsManager.Commands.EnableAccessSecretsManager.Interfaces; - -namespace Bit.Core.SecretsManager.Commands.EnableAccessSecretsManager; - -public class EnableAccessSecretsManagerCommand : IEnableAccessSecretsManagerCommand -{ - private readonly IOrganizationUserRepository _organizationUserRepository; - - public EnableAccessSecretsManagerCommand(IOrganizationUserRepository organizationUserRepository) - { - _organizationUserRepository = organizationUserRepository; - } - - public async Task> EnableUsersAsync( - IEnumerable organizationUsers) - { - var results = new List<(OrganizationUser organizationUser, string error)>(); - var usersToEnable = new List(); - - foreach (var orgUser in organizationUsers) - { - if (orgUser.AccessSecretsManager) - { - results.Add((orgUser, "User already has access to Secrets Manager")); - } - else - { - orgUser.AccessSecretsManager = true; - usersToEnable.Add(orgUser); - results.Add((orgUser, "")); - } - } - - if (usersToEnable.Any()) - { - await _organizationUserRepository.ReplaceManyAsync(usersToEnable); - } - - return results; - } -} diff --git a/src/Core/SecretsManager/Commands/EnableAccessSecretsManager/Interfaces/IEnableAccessSecretsManagerCommand.cs b/src/Core/SecretsManager/Commands/EnableAccessSecretsManager/Interfaces/IEnableAccessSecretsManagerCommand.cs deleted file mode 100644 index b7fa2150ce..0000000000 --- a/src/Core/SecretsManager/Commands/EnableAccessSecretsManager/Interfaces/IEnableAccessSecretsManagerCommand.cs +++ /dev/null @@ -1,9 +0,0 @@ -using Bit.Core.Entities; - -namespace Bit.Core.SecretsManager.Commands.EnableAccessSecretsManager.Interfaces; - -public interface IEnableAccessSecretsManagerCommand -{ - Task> EnableUsersAsync( - IEnumerable organizationUsers); -} diff --git a/src/Core/SecretsManager/Queries/ServiceAccounts/Interfaces/ICountNewServiceAccountSlotsRequiredQuery.cs b/src/Core/SecretsManager/Queries/ServiceAccounts/Interfaces/ICountNewServiceAccountSlotsRequiredQuery.cs new file mode 100644 index 0000000000..a19c77112d --- /dev/null +++ b/src/Core/SecretsManager/Queries/ServiceAccounts/Interfaces/ICountNewServiceAccountSlotsRequiredQuery.cs @@ -0,0 +1,6 @@ +namespace Bit.Core.SecretsManager.Queries.ServiceAccounts.Interfaces; + +public interface ICountNewServiceAccountSlotsRequiredQuery +{ + Task CountNewServiceAccountSlotsRequiredAsync(Guid organizationId, int serviceAccountsToAdd); +} diff --git a/src/Core/SecretsManager/Repositories/IProjectRepository.cs b/src/Core/SecretsManager/Repositories/IProjectRepository.cs index e425df6f45..62770d9720 100644 --- a/src/Core/SecretsManager/Repositories/IProjectRepository.cs +++ b/src/Core/SecretsManager/Repositories/IProjectRepository.cs @@ -16,4 +16,5 @@ public interface IProjectRepository Task> ImportAsync(IEnumerable projects); Task<(bool Read, bool Write)> AccessToProjectAsync(Guid id, Guid userId, AccessClientType accessType); Task ProjectsAreInOrganization(List projectIds, Guid organizationId); + Task GetProjectCountByOrganizationIdAsync(Guid organizationId); } diff --git a/src/Core/SecretsManager/Repositories/ISecretRepository.cs b/src/Core/SecretsManager/Repositories/ISecretRepository.cs index 68422cb44c..e8f0673d1e 100644 --- a/src/Core/SecretsManager/Repositories/ISecretRepository.cs +++ b/src/Core/SecretsManager/Repositories/ISecretRepository.cs @@ -21,4 +21,5 @@ public interface ISecretRepository Task UpdateRevisionDates(IEnumerable ids); Task<(bool Read, bool Write)> AccessToSecretAsync(Guid id, Guid userId, AccessClientType accessType); Task EmptyTrash(DateTime nowTime, uint deleteAfterThisNumberOfDays); + Task GetSecretsCountByOrganizationIdAsync(Guid organizationId); } diff --git a/src/Core/SecretsManager/Repositories/Noop/NoopProjectRepository.cs b/src/Core/SecretsManager/Repositories/Noop/NoopProjectRepository.cs new file mode 100644 index 0000000000..f8b16f276a --- /dev/null +++ b/src/Core/SecretsManager/Repositories/Noop/NoopProjectRepository.cs @@ -0,0 +1,65 @@ +using Bit.Core.Enums; +using Bit.Core.SecretsManager.Entities; +using Bit.Core.SecretsManager.Models.Data; + +namespace Bit.Core.SecretsManager.Repositories.Noop; + +public class NoopProjectRepository : IProjectRepository +{ + public Task> GetManyByOrganizationIdAsync(Guid organizationId, Guid userId, + AccessClientType accessType) + { + return Task.FromResult(null as IEnumerable); + } + + public Task> GetManyByOrganizationIdWriteAccessAsync(Guid organizationId, Guid userId, + AccessClientType accessType) + { + return Task.FromResult(null as IEnumerable); + } + + public Task> GetManyWithSecretsByIds(IEnumerable ids) + { + return Task.FromResult(null as IEnumerable); + } + + public Task GetByIdAsync(Guid id) + { + return Task.FromResult(null as Project); + } + + public Task CreateAsync(Project project) + { + return Task.FromResult(null as Project); + } + + public Task ReplaceAsync(Project project) + { + return Task.FromResult(0); + } + + public Task DeleteManyByIdAsync(IEnumerable ids) + { + return Task.FromResult(0); + } + + public Task> ImportAsync(IEnumerable projects) + { + return Task.FromResult(null as IEnumerable); + } + + public Task<(bool Read, bool Write)> AccessToProjectAsync(Guid id, Guid userId, AccessClientType accessType) + { + return Task.FromResult((false, false)); + } + + public Task ProjectsAreInOrganization(List projectIds, Guid organizationId) + { + return Task.FromResult(false); + } + + public Task GetProjectCountByOrganizationIdAsync(Guid organizationId) + { + return Task.FromResult(0); + } +} diff --git a/src/Core/SecretsManager/Repositories/Noop/NoopSecretRepository.cs b/src/Core/SecretsManager/Repositories/Noop/NoopSecretRepository.cs new file mode 100644 index 0000000000..8f65322ac1 --- /dev/null +++ b/src/Core/SecretsManager/Repositories/Noop/NoopSecretRepository.cs @@ -0,0 +1,91 @@ +using Bit.Core.Enums; +using Bit.Core.SecretsManager.Entities; +using Bit.Core.SecretsManager.Models.Data; + +namespace Bit.Core.SecretsManager.Repositories.Noop; + +public class NoopSecretRepository : ISecretRepository +{ + public Task> GetManyByOrganizationIdAsync(Guid organizationId, Guid userId, + AccessClientType accessType) + { + return Task.FromResult(null as IEnumerable); + } + + public Task> GetManyByOrganizationIdInTrashAsync(Guid organizationId) + { + return Task.FromResult(null as IEnumerable); + } + + public Task> GetManyByOrganizationIdInTrashByIdsAsync(Guid organizationId, + IEnumerable ids) + { + return Task.FromResult(null as IEnumerable); + } + + public Task> GetManyByIds(IEnumerable ids) + { + return Task.FromResult(null as IEnumerable); + } + + public Task> GetManyByProjectIdAsync(Guid projectId, Guid userId, + AccessClientType accessType) + { + return Task.FromResult(null as IEnumerable); + } + + public Task GetByIdAsync(Guid id) + { + return Task.FromResult(null as Secret); + } + + public Task CreateAsync(Secret secret) + { + return Task.FromResult(null as Secret); + } + + public Task UpdateAsync(Secret secret) + { + return Task.FromResult(null as Secret); + } + + public Task SoftDeleteManyByIdAsync(IEnumerable ids) + { + return Task.FromResult(0); + } + + public Task HardDeleteManyByIdAsync(IEnumerable ids) + { + return Task.FromResult(0); + } + + public Task RestoreManyByIdAsync(IEnumerable ids) + { + return Task.FromResult(0); + } + + public Task> ImportAsync(IEnumerable secrets) + { + return Task.FromResult(null as IEnumerable); + } + + public Task UpdateRevisionDates(IEnumerable ids) + { + return Task.FromResult(0); + } + + public Task<(bool Read, bool Write)> AccessToSecretAsync(Guid id, Guid userId, AccessClientType accessType) + { + return Task.FromResult((false, false)); + } + + public Task EmptyTrash(DateTime nowTime, uint deleteAfterThisNumberOfDays) + { + return Task.FromResult(0); + } + + public Task GetSecretsCountByOrganizationIdAsync(Guid organizationId) + { + return Task.FromResult(0); + } +} diff --git a/src/Core/Services/IPaymentService.cs b/src/Core/Services/IPaymentService.cs index d636fa2265..642a423dc4 100644 --- a/src/Core/Services/IPaymentService.cs +++ b/src/Core/Services/IPaymentService.cs @@ -37,4 +37,6 @@ public interface IPaymentService Task CreateTaxRateAsync(TaxRate taxRate); Task UpdateTaxRateAsync(TaxRate taxRate); Task ArchiveTaxRateAsync(TaxRate taxRate); + Task AddSecretsManagerToSubscription(Organization org, Plan plan, int additionalSmSeats, + int additionalServiceAccount, DateTime? prorationDate = null); } diff --git a/src/Core/Services/Implementations/OrganizationService.cs b/src/Core/Services/Implementations/OrganizationService.cs index 3c3f5d709c..c0aa2fe100 100644 --- a/src/Core/Services/Implementations/OrganizationService.cs +++ b/src/Core/Services/Implementations/OrganizationService.cs @@ -11,6 +11,8 @@ using Bit.Core.Exceptions; using Bit.Core.Models.Business; using Bit.Core.Models.Data; using Bit.Core.Models.Data.Organizations.Policies; +using Bit.Core.OrganizationFeatures.OrganizationSubscriptions.Interface; +using Bit.Core.OrganizationFeatures.OrganizationUsers.Interfaces; using Bit.Core.Repositories; using Bit.Core.Settings; using Bit.Core.Tools.Enums; @@ -50,6 +52,8 @@ public class OrganizationService : IOrganizationService private readonly ILogger _logger; private readonly IProviderOrganizationRepository _providerOrganizationRepository; private readonly IProviderUserRepository _providerUserRepository; + private readonly ICountNewSmSeatsRequiredQuery _countNewSmSeatsRequiredQuery; + private readonly IUpdateSecretsManagerSubscriptionCommand _updateSecretsManagerSubscriptionCommand; public OrganizationService( IOrganizationRepository organizationRepository, @@ -76,7 +80,9 @@ public class OrganizationService : IOrganizationService ICurrentContext currentContext, ILogger logger, IProviderOrganizationRepository providerOrganizationRepository, - IProviderUserRepository providerUserRepository) + IProviderUserRepository providerUserRepository, + ICountNewSmSeatsRequiredQuery countNewSmSeatsRequiredQuery, + IUpdateSecretsManagerSubscriptionCommand updateSecretsManagerSubscriptionCommand) { _organizationRepository = organizationRepository; _organizationUserRepository = organizationUserRepository; @@ -103,6 +109,8 @@ public class OrganizationService : IOrganizationService _logger = logger; _providerOrganizationRepository = providerOrganizationRepository; _providerUserRepository = providerUserRepository; + _countNewSmSeatsRequiredQuery = countNewSmSeatsRequiredQuery; + _updateSecretsManagerSubscriptionCommand = updateSecretsManagerSubscriptionCommand; } public async Task ReplacePaymentMethodAsync(Guid organizationId, string paymentToken, @@ -446,11 +454,16 @@ public class OrganizationService : IOrganizationService RevisionDate = DateTime.UtcNow, Status = OrganizationStatusType.Created, UsePasswordManager = true, - SmSeats = (short)(secretsManagerPlan.BaseSeats + signup.AdditionalSmSeats.GetValueOrDefault()), - SmServiceAccounts = secretsManagerPlan.BaseServiceAccount + signup.AdditionalServiceAccounts.GetValueOrDefault(), - UseSecretsManager = signup.UseSecretsManager + UseSecretsManager = signup.UseSecretsManager, }; + if (signup.UseSecretsManager) + { + organization.SmSeats = secretsManagerPlan.BaseSeats + signup.AdditionalSmSeats.GetValueOrDefault(); + organization.SmServiceAccounts = secretsManagerPlan.BaseServiceAccount.GetValueOrDefault() + + signup.AdditionalServiceAccounts.GetValueOrDefault(); + } + if (passwordManagerPlan.Type == PlanType.Free && !provider) { var adminCount = @@ -816,9 +829,12 @@ public class OrganizationService : IOrganizationService throw new NotFoundException(); } - var newSeatsRequired = 0; var existingEmails = new HashSet(await _organizationUserRepository.SelectKnownEmailsAsync( organizationId, invites.SelectMany(i => i.invite.Emails), false), StringComparer.InvariantCultureIgnoreCase); + + // Seat autoscaling + var initialSmSeatCount = organization.SmSeats; + var newSeatsRequired = 0; if (organization.Seats.HasValue) { var occupiedSeats = await _organizationUserRepository.GetOccupiedSeatCountByOrganizationIdAsync(organization.Id); @@ -835,6 +851,21 @@ public class OrganizationService : IOrganizationService } } + // Secrets Manager seat autoscaling + SecretsManagerSubscriptionUpdate smSubscriptionUpdate = null; + var inviteWithSmAccessCount = invites + .Where(i => i.invite.AccessSecretsManager) + .SelectMany(i => i.invite.Emails) + .Count(email => !existingEmails.Contains(email)); + + var additionalSmSeatsRequired = await _countNewSmSeatsRequiredQuery.CountNewSmSeatsRequiredAsync(organization.Id, inviteWithSmAccessCount); + if (additionalSmSeatsRequired > 0) + { + smSubscriptionUpdate = new SecretsManagerSubscriptionUpdate(organization, true); + smSubscriptionUpdate.AdjustSeats(additionalSmSeatsRequired); + await _updateSecretsManagerSubscriptionCommand.ValidateUpdate(smSubscriptionUpdate); + } + var invitedAreAllOwners = invites.All(i => i.invite.Type == OrganizationUserType.Owner); if (!invitedAreAllOwners && !await HasConfirmedOwnersExceptAsync(organizationId, new Guid[] { }, includeProvider: true)) { @@ -928,6 +959,11 @@ public class OrganizationService : IOrganizationService throw new BadRequestException("Cannot add seats. Cannot manage organization users."); } + if (additionalSmSeatsRequired > 0) + { + smSubscriptionUpdate.ProrationDate = prorationDate; + await _updateSecretsManagerSubscriptionCommand.UpdateSubscriptionAsync(smSubscriptionUpdate); + } await AutoAddSeatsAsync(organization, newSeatsRequired, prorationDate); await SendInvitesAsync(orgUsers.Concat(limitedCollectionOrgUsers.Select(u => u.Item1)), organization); @@ -942,11 +978,24 @@ public class OrganizationService : IOrganizationService // Revert any added users. var invitedOrgUserIds = orgUsers.Select(u => u.Id).Concat(limitedCollectionOrgUsers.Select(u => u.Item1.Id)); await _organizationUserRepository.DeleteManyAsync(invitedOrgUserIds); - var currentSeatCount = (await _organizationRepository.GetByIdAsync(organization.Id)).Seats; + var currentOrganization = await _organizationRepository.GetByIdAsync(organization.Id); - if (initialSeatCount.HasValue && currentSeatCount.HasValue && currentSeatCount.Value != initialSeatCount.Value) + // Revert autoscaling + if (initialSeatCount.HasValue && currentOrganization.Seats.HasValue && currentOrganization.Seats.Value != initialSeatCount.Value) { - await AdjustSeatsAsync(organization, initialSeatCount.Value - currentSeatCount.Value, prorationDate); + await AdjustSeatsAsync(organization, initialSeatCount.Value - currentOrganization.Seats.Value, prorationDate); + } + + // Revert SmSeat autoscaling + if (initialSmSeatCount.HasValue && currentOrganization.SmSeats.HasValue && + currentOrganization.SmSeats.Value != initialSmSeatCount.Value) + { + var smSubscriptionUpdateRevert = new SecretsManagerSubscriptionUpdate(currentOrganization, false) + { + SmSeats = initialSmSeatCount.Value, + ProrationDate = prorationDate + }; + await _updateSecretsManagerSubscriptionCommand.UpdateSubscriptionAsync(smSubscriptionUpdateRevert); } exceptions.Add(e); @@ -1343,6 +1392,20 @@ public class OrganizationService : IOrganizationService throw new BadRequestException("Organization must have at least one confirmed owner."); } + // Only autoscale (if required) after all validation has passed so that we know it's a valid request before + // updating Stripe + if (!originalUser.AccessSecretsManager && user.AccessSecretsManager) + { + var additionalSmSeatsRequired = await _countNewSmSeatsRequiredQuery.CountNewSmSeatsRequiredAsync(user.OrganizationId, 1); + if (additionalSmSeatsRequired > 0) + { + var organization = await _organizationRepository.GetByIdAsync(user.OrganizationId); + var update = new SecretsManagerSubscriptionUpdate(organization, true); + update.AdjustSeats(additionalSmSeatsRequired); + await _updateSecretsManagerSubscriptionCommand.UpdateSubscriptionAsync(update); + } + } + if (user.AccessAll) { // We don't need any collections if we're flagged to have all access. diff --git a/src/Core/Services/Implementations/StripePaymentService.cs b/src/Core/Services/Implementations/StripePaymentService.cs index 190666b1ea..4d2eb4ef85 100644 --- a/src/Core/Services/Implementations/StripePaymentService.cs +++ b/src/Core/Services/Implementations/StripePaymentService.cs @@ -1710,6 +1710,12 @@ public class StripePaymentService : IPaymentService } } + public async Task AddSecretsManagerToSubscription(Organization org, StaticStore.Plan plan, int additionalSmSeats, + int additionalServiceAccount, DateTime? prorationDate = null) + { + return await FinalizeSubscriptionChangeAsync(org, new SecretsManagerSubscribeUpdate(org, plan, additionalSmSeats, additionalServiceAccount), prorationDate); + } + private Stripe.PaymentMethod GetLatestCardPaymentMethod(string customerId) { var cardPaymentMethods = _stripeAdapter.PaymentMethodListAutoPaging( diff --git a/src/Identity/Startup.cs b/src/Identity/Startup.cs index 6a0f274ce8..472dad809f 100644 --- a/src/Identity/Startup.cs +++ b/src/Identity/Startup.cs @@ -4,6 +4,8 @@ using AspNetCoreRateLimit; using Bit.Core; using Bit.Core.Auth.Models.Business.Tokenables; using Bit.Core.Context; +using Bit.Core.SecretsManager.Repositories; +using Bit.Core.SecretsManager.Repositories.Noop; using Bit.Core.Settings; using Bit.Core.Utilities; using Bit.Identity.Utilities; @@ -138,6 +140,10 @@ public class Startup services.AddDefaultServices(globalSettings); services.AddCoreLocalizationServices(); + // TODO: Remove when OrganizationUser methods are moved out of OrganizationService, this noop dependency should + // TODO: no longer be required - see PM-1880 + services.AddScoped(); + if (CoreHelpers.SettingHasValue(globalSettings.ServiceBus.ConnectionString) && CoreHelpers.SettingHasValue(globalSettings.ServiceBus.ApplicationCacheTopicName)) { diff --git a/src/SharedWeb/Utilities/ServiceCollectionExtensions.cs b/src/SharedWeb/Utilities/ServiceCollectionExtensions.cs index 97695d171f..ea97af0419 100644 --- a/src/SharedWeb/Utilities/ServiceCollectionExtensions.cs +++ b/src/SharedWeb/Utilities/ServiceCollectionExtensions.cs @@ -332,6 +332,8 @@ public static class ServiceCollectionExtensions { services.AddScoped(); services.AddScoped(); + services.AddScoped(); + services.AddScoped(); } public static void AddNoopServices(this IServiceCollection services) diff --git a/test/Api.Test/Controllers/OrganizationsControllerTests.cs b/test/Api.Test/Controllers/OrganizationsControllerTests.cs index bfed60a9a4..8f8f9b20d9 100644 --- a/test/Api.Test/Controllers/OrganizationsControllerTests.cs +++ b/test/Api.Test/Controllers/OrganizationsControllerTests.cs @@ -43,6 +43,7 @@ public class OrganizationsControllerTests : IDisposable private readonly ILicensingService _licensingService; private readonly IUpdateSecretsManagerSubscriptionCommand _updateSecretsManagerSubscriptionCommand; private readonly IUpgradeOrganizationPlanCommand _upgradeOrganizationPlanCommand; + private readonly IAddSecretsManagerSubscriptionCommand _addSecretsManagerSubscriptionCommand; private readonly OrganizationsController _sut; @@ -69,13 +70,14 @@ public class OrganizationsControllerTests : IDisposable _licensingService = Substitute.For(); _updateSecretsManagerSubscriptionCommand = Substitute.For(); _upgradeOrganizationPlanCommand = Substitute.For(); + _addSecretsManagerSubscriptionCommand = Substitute.For(); _sut = new OrganizationsController(_organizationRepository, _organizationUserRepository, _policyRepository, _providerRepository, _organizationService, _userService, _paymentService, _currentContext, _ssoConfigRepository, _ssoConfigService, _getOrganizationApiKeyQuery, _rotateOrganizationApiKeyCommand, _createOrganizationApiKeyCommand, _organizationApiKeyRepository, _updateOrganizationLicenseCommand, _cloudGetOrganizationLicenseQuery, _featureService, _globalSettings, _licensingService, - _updateSecretsManagerSubscriptionCommand, _upgradeOrganizationPlanCommand); + _updateSecretsManagerSubscriptionCommand, _upgradeOrganizationPlanCommand, _addSecretsManagerSubscriptionCommand); } public void Dispose() diff --git a/test/Api.Test/SecretsManager/Controllers/ServiceAccountsControllerTests.cs b/test/Api.Test/SecretsManager/Controllers/ServiceAccountsControllerTests.cs index 0847c5c377..6a311a4826 100644 --- a/test/Api.Test/SecretsManager/Controllers/ServiceAccountsControllerTests.cs +++ b/test/Api.Test/SecretsManager/Controllers/ServiceAccountsControllerTests.cs @@ -2,8 +2,11 @@ using Bit.Api.SecretsManager.Controllers; using Bit.Api.SecretsManager.Models.Request; using Bit.Core.Context; +using Bit.Core.Entities; using Bit.Core.Enums; using Bit.Core.Exceptions; +using Bit.Core.OrganizationFeatures.OrganizationSubscriptions.Interface; +using Bit.Core.Repositories; using Bit.Core.SecretsManager.Commands.AccessTokens.Interfaces; using Bit.Core.SecretsManager.Commands.ServiceAccounts.Interfaces; using Bit.Core.SecretsManager.Entities; @@ -89,14 +92,51 @@ public class ServiceAccountsControllerTests .CreateAsync(Arg.Any(), Arg.Any()); } + [Theory] + [BitAutoData(0)] + public async void CreateServiceAccount_WhenAutoscalingNotRequired_DoesNotCallUpdateSubscription( + int newSlotsRequired, SutProvider sutProvider, + ServiceAccountCreateRequestModel data, Organization organization) + { + ArrangeCreateServiceAccountAutoScalingTest(newSlotsRequired, sutProvider, data, organization); + + await sutProvider.Sut.CreateAsync(organization.Id, data); + + await sutProvider.GetDependency().Received(1) + .CreateAsync(Arg.Is(sa => sa.Name == data.Name), Arg.Any()); + + await sutProvider.GetDependency().DidNotReceiveWithAnyArgs() + .AdjustServiceAccountsAsync(Arg.Any(), Arg.Any()); + } + + [Theory] + [BitAutoData(1)] + [BitAutoData(2)] + public async void CreateServiceAccount_WhenAutoscalingRequired_CallsUpdateSubscription(int newSlotsRequired, + SutProvider sutProvider, + ServiceAccountCreateRequestModel data, Organization organization) + { + ArrangeCreateServiceAccountAutoScalingTest(newSlotsRequired, sutProvider, data, organization); + + await sutProvider.Sut.CreateAsync(organization.Id, data); + + await sutProvider.GetDependency().Received(1) + .CreateAsync(Arg.Is(sa => sa.Name == data.Name), Arg.Any()); + + await sutProvider.GetDependency().Received(1) + .AdjustServiceAccountsAsync(Arg.Is(organization), Arg.Is(newSlotsRequired)); + } + [Theory] [BitAutoData] public async void CreateServiceAccount_Success(SutProvider sutProvider, - ServiceAccountCreateRequestModel data, Guid organizationId) + ServiceAccountCreateRequestModel data, Guid organizationId, Organization mockOrg) { + mockOrg.Id = organizationId; sutProvider.GetDependency() .AuthorizeAsync(Arg.Any(), data.ToServiceAccount(organizationId), Arg.Any>()).ReturnsForAnyArgs(AuthorizationResult.Success()); + sutProvider.GetDependency().GetByIdAsync(Arg.Is(organizationId)).Returns(mockOrg); sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(Guid.NewGuid()); var resultServiceAccount = data.ToServiceAccount(organizationId); sutProvider.GetDependency().CreateAsync(default, default) @@ -365,4 +405,20 @@ public class ServiceAccountsControllerTests Assert.Null(result.Error); } } + + private static void ArrangeCreateServiceAccountAutoScalingTest(int newSlotsRequired, SutProvider sutProvider, + ServiceAccountCreateRequestModel data, Organization organization) + { + sutProvider.GetDependency() + .AuthorizeAsync(Arg.Any(), data.ToServiceAccount(organization.Id), + Arg.Any>()).ReturnsForAnyArgs(AuthorizationResult.Success()); + sutProvider.GetDependency().GetByIdAsync(Arg.Is(organization.Id)).Returns(organization); + sutProvider.GetDependency() + .CountNewServiceAccountSlotsRequiredAsync(organization.Id, 1) + .ReturnsForAnyArgs(newSlotsRequired); + sutProvider.GetDependency().GetProperUserId(default).ReturnsForAnyArgs(Guid.NewGuid()); + var resultServiceAccount = data.ToServiceAccount(organization.Id); + sutProvider.GetDependency().CreateAsync(default, default) + .ReturnsForAnyArgs(resultServiceAccount); + } } diff --git a/test/Core.Test/OrganizationFeatures/OrganizationSubscriptionUpdate/AddSecretsManagerSubscriptionCommandTests.cs b/test/Core.Test/OrganizationFeatures/OrganizationSubscriptionUpdate/AddSecretsManagerSubscriptionCommandTests.cs new file mode 100644 index 0000000000..9d635a5afc --- /dev/null +++ b/test/Core.Test/OrganizationFeatures/OrganizationSubscriptionUpdate/AddSecretsManagerSubscriptionCommandTests.cs @@ -0,0 +1,107 @@ +using Bit.Core.Entities; +using Bit.Core.Enums; +using Bit.Core.Exceptions; +using Bit.Core.Models.Business; +using Bit.Core.Models.StaticStore; +using Bit.Core.OrganizationFeatures.OrganizationSubscriptions; +using Bit.Core.Services; +using Bit.Core.Utilities; +using Bit.Test.Common.AutoFixture; +using Bit.Test.Common.AutoFixture.Attributes; +using NSubstitute; +using Xunit; + +namespace Bit.Core.Test.OrganizationFeatures.OrganizationSubscriptionUpdate; +[SutProviderCustomize] +public class AddSecretsManagerSubscriptionCommandTests +{ + [Theory] + [BitAutoData(PlanType.TeamsAnnually)] + [BitAutoData(PlanType.TeamsMonthly)] + [BitAutoData(PlanType.EnterpriseAnnually)] + [BitAutoData(PlanType.EnterpriseMonthly)] + public async Task SignUpAsync_ReturnsSuccessAndClientSecret_WhenOrganizationAndPlanExist(PlanType planType, + SutProvider sutProvider, + int additionalServiceAccounts, + int additionalSmSeats, + Organization organization, + bool useSecretsManager) + { + organization.PlanType = planType; + + var plan = StaticStore.SecretManagerPlans.FirstOrDefault(p => p.Type == organization.PlanType); + + await sutProvider.Sut.SignUpAsync(organization, additionalSmSeats, additionalServiceAccounts); + + sutProvider.GetDependency().Received(1) + .ValidateSecretsManagerPlan(plan, Arg.Is(c => + c.UseSecretsManager == useSecretsManager && + c.AdditionalSmSeats == additionalSmSeats && + c.AdditionalServiceAccounts == additionalServiceAccounts && + c.AdditionalSeats == organization.Seats.GetValueOrDefault())); + + await sutProvider.GetDependency().Received() + .AddSecretsManagerToSubscription(organization, plan, additionalSmSeats, additionalServiceAccounts); + + // TODO: call ReferenceEventService - see AC-1481 + + sutProvider.GetDependency().Received(1).ReplaceAndUpdateCacheAsync(Arg.Is(c => + c.SmSeats == plan.BaseSeats + additionalSmSeats && + c.SmServiceAccounts == plan.BaseServiceAccount.GetValueOrDefault() + additionalServiceAccounts && + c.UseSecretsManager == true)); + } + + [Theory] + [BitAutoData] + public async Task SignUpAsync_ThrowsNotFoundException_WhenOrganizationIsNull( + SutProvider sutProvider, + int additionalServiceAccounts, + int additionalSmSeats) + { + await Assert.ThrowsAsync(() => + sutProvider.Sut.SignUpAsync(null, additionalSmSeats, additionalServiceAccounts)); + await VerifyDependencyNotCalledAsync(sutProvider); + } + + [Theory] + [BitAutoData] + public async Task SignUpAsync_ThrowsGatewayException_WhenGatewayCustomerIdIsNullOrWhitespace( + SutProvider sutProvider, + Organization organization, + int additionalServiceAccounts, + int additionalSmSeats) + { + organization.GatewayCustomerId = null; + organization.PlanType = PlanType.EnterpriseAnnually; + var exception = await Assert.ThrowsAsync(() => + sutProvider.Sut.SignUpAsync(organization, additionalSmSeats, additionalServiceAccounts)); + Assert.Contains("No payment method found.", exception.Message); + await VerifyDependencyNotCalledAsync(sutProvider); + } + + [Theory] + [BitAutoData] + public async Task SignUpAsync_ThrowsGatewayException_WhenGatewaySubscriptionIdIsNullOrWhitespace( + SutProvider sutProvider, + Organization organization, + int additionalServiceAccounts, + int additionalSmSeats) + { + organization.GatewaySubscriptionId = null; + organization.PlanType = PlanType.EnterpriseAnnually; + var exception = await Assert.ThrowsAsync(() => + sutProvider.Sut.SignUpAsync(organization, additionalSmSeats, additionalServiceAccounts)); + Assert.Contains("No subscription found.", exception.Message); + await VerifyDependencyNotCalledAsync(sutProvider); + } + + private static async Task VerifyDependencyNotCalledAsync(SutProvider sutProvider) + { + await sutProvider.GetDependency().DidNotReceive() + .AddSecretsManagerToSubscription(Arg.Any(), Arg.Any(), Arg.Any(), Arg.Any()); + + // TODO: call ReferenceEventService - see AC-1481 + + await sutProvider.GetDependency().DidNotReceive().ReplaceAndUpdateCacheAsync(Arg.Any()); + } +} diff --git a/test/Core.Test/OrganizationFeatures/OrganizationSubscriptionUpdate/UpdateSecretsManagerSubscriptionCommandTests.cs b/test/Core.Test/OrganizationFeatures/OrganizationSubscriptionUpdate/UpdateSecretsManagerSubscriptionCommandTests.cs index 11990c1733..329ad60af8 100644 --- a/test/Core.Test/OrganizationFeatures/OrganizationSubscriptionUpdate/UpdateSecretsManagerSubscriptionCommandTests.cs +++ b/test/Core.Test/OrganizationFeatures/OrganizationSubscriptionUpdate/UpdateSecretsManagerSubscriptionCommandTests.cs @@ -7,6 +7,7 @@ using Bit.Core.OrganizationFeatures.OrganizationSubscriptions; using Bit.Core.Repositories; using Bit.Core.SecretsManager.Repositories; using Bit.Core.Services; +using Bit.Core.Settings; using Bit.Core.Utilities; using Bit.Test.Common.AutoFixture; using Bit.Test.Common.AutoFixture.Attributes; @@ -20,36 +21,26 @@ public class UpdateSecretsManagerSubscriptionCommandTests { [Theory] [BitAutoData] - public async Task UpdateSecretsManagerSubscription_NoOrganization_Throws( - Guid organizationId, + public async Task UpdateSubscriptionAsync_NoOrganization_Throws( + SecretsManagerSubscriptionUpdate secretsManagerSubscriptionUpdate, SutProvider sutProvider) { - sutProvider.GetDependency() - .GetByIdAsync(organizationId) - .Returns((Organization)null); - - var organizationUpdate = new SecretsManagerSubscriptionUpdate - { - OrganizationId = organizationId, - MaxAutoscaleSmSeats = null, - SmSeatsAdjustment = 0 - }; + secretsManagerSubscriptionUpdate.Organization = null; var exception = await Assert.ThrowsAsync( - () => sutProvider.Sut.UpdateSecretsManagerSubscription(organizationUpdate)); + () => sutProvider.Sut.UpdateSubscriptionAsync(secretsManagerSubscriptionUpdate)); + Assert.Contains("Organization is not found", exception.Message); await VerifyDependencyNotCalledAsync(sutProvider); } [Theory] [BitAutoData] - public async Task UpdateSecretsManagerSubscription_NoSecretsManagerAccess_ThrowsException( - Guid organizationId, + public async Task UpdateSubscriptionAsync_NoSecretsManagerAccess_ThrowsException( SutProvider sutProvider) { var organization = new Organization { - Id = organizationId, SmSeats = 10, SmServiceAccounts = 5, UseSecretsManager = false, @@ -57,26 +48,18 @@ public class UpdateSecretsManagerSubscriptionCommandTests MaxAutoscaleSmServiceAccounts = 10 }; - sutProvider.GetDependency() - .GetByIdAsync(organizationId) - .Returns(organization); - - var organizationUpdate = new SecretsManagerSubscriptionUpdate - { - OrganizationId = organizationId, - SmSeatsAdjustment = 1, - MaxAutoscaleSmSeats = 1 - }; + var secretsManagerSubscriptionUpdate = new SecretsManagerSubscriptionUpdate(organization, seatAdjustment: 0, maxAutoscaleSeats: null, serviceAccountAdjustment: 0, maxAutoscaleServiceAccounts: null); var exception = await Assert.ThrowsAsync( - () => sutProvider.Sut.UpdateSecretsManagerSubscription(organizationUpdate)); + () => sutProvider.Sut.UpdateSubscriptionAsync(secretsManagerSubscriptionUpdate)); + Assert.Contains("Organization has no access to Secrets Manager.", exception.Message); await VerifyDependencyNotCalledAsync(sutProvider); } [Theory] [BitAutoData] - public async Task UpdateSecretsManagerSubscription_SeatsAdustmentGreaterThanMaxAutoscaleSeats_ThrowsException( + public async Task UpdateSubscriptionAsync_SeatsAdjustmentGreaterThanMaxAutoscaleSeats_ThrowsException( Guid organizationId, SutProvider sutProvider) { @@ -89,29 +72,20 @@ public class UpdateSecretsManagerSubscriptionCommandTests MaxAutoscaleSmSeats = 20, MaxAutoscaleSmServiceAccounts = 10, PlanType = PlanType.EnterpriseAnnually, + GatewayCustomerId = "1", + GatewaySubscriptionId = "2" }; - var plan = StaticStore.SecretManagerPlans.FirstOrDefault(x => x.Type == organization.PlanType); - var organizationUpdate = new SecretsManagerSubscriptionUpdate - { - OrganizationId = organizationId, - MaxAutoscaleSmSeats = 10, - SmSeatsAdjustment = 15, - SmSeats = organization.SmSeats.GetValueOrDefault() + 10, - SmSeatsExcludingBase = (organization.SmSeats.GetValueOrDefault() + 10) - plan.BaseSeats, - SmServiceAccounts = organization.SmServiceAccounts.GetValueOrDefault() + 5, - SmServiceAccountsExcludingBase = (organization.SmServiceAccounts.GetValueOrDefault() + 5) - (int)plan.BaseServiceAccount - }; + var organizationUpdate = new SecretsManagerSubscriptionUpdate( + organization, seatAdjustment: 15, maxAutoscaleSeats: 10, serviceAccountAdjustment: 0, maxAutoscaleServiceAccounts: null); - sutProvider.GetDependency().GetByIdAsync(organizationId).Returns(organization); - - var exception = await Assert.ThrowsAsync(() => sutProvider.Sut.UpdateSecretsManagerSubscription(organizationUpdate)); + var exception = await Assert.ThrowsAsync(() => sutProvider.Sut.UpdateSubscriptionAsync(organizationUpdate)); Assert.Contains("Cannot set max seat autoscaling below seat count.", exception.Message); await VerifyDependencyNotCalledAsync(sutProvider); } [Theory] [BitAutoData] - public async Task UpdateSecretsManagerSubscription_ServiceAccountsGreaterThanMaxAutoscaleSeats_ThrowsException( + public async Task UpdateSubscriptionAsync_ServiceAccountsGreaterThanMaxAutoscaleSeats_ThrowsException( Guid organizationId, SutProvider sutProvider) { @@ -127,30 +101,17 @@ public class UpdateSecretsManagerSubscriptionCommandTests GatewayCustomerId = "1", GatewaySubscriptionId = "9" }; - var plan = StaticStore.SecretManagerPlans.FirstOrDefault(x => x.Type == organization.PlanType); - var organizationUpdate = new SecretsManagerSubscriptionUpdate - { - OrganizationId = organizationId, - MaxAutoscaleSmSeats = 15, - SmSeatsAdjustment = 1, - MaxAutoscaleSmServiceAccounts = 10, - SmServiceAccountsAdjustment = 11, - SmSeats = organization.SmSeats.GetValueOrDefault() + 1, - SmSeatsExcludingBase = (organization.SmSeats.GetValueOrDefault() + 1) - plan.BaseSeats, - SmServiceAccounts = organization.SmServiceAccounts.GetValueOrDefault() + 11, - SmServiceAccountsExcludingBase = (organization.SmServiceAccounts.GetValueOrDefault() + 11) - (int)plan.BaseServiceAccount - }; + var organizationUpdate = new SecretsManagerSubscriptionUpdate( + organization, seatAdjustment: 1, maxAutoscaleSeats: 15, serviceAccountAdjustment: 11, maxAutoscaleServiceAccounts: 10); - sutProvider.GetDependency().GetByIdAsync(organizationId).Returns(organization); - - var exception = await Assert.ThrowsAsync(() => sutProvider.Sut.UpdateSecretsManagerSubscription(organizationUpdate)); - Assert.Contains("Cannot set max Service Accounts autoscaling below Service Accounts count", exception.Message); + var exception = await Assert.ThrowsAsync(() => sutProvider.Sut.UpdateSubscriptionAsync(organizationUpdate)); + Assert.Contains("Cannot set max service accounts autoscaling below service account amount", exception.Message); await VerifyDependencyNotCalledAsync(sutProvider); } [Theory] [BitAutoData] - public async Task UpdateSecretsManagerSubscription_NullGatewayCustomerId_ThrowsException( + public async Task UpdateSubscriptionAsync_NullGatewayCustomerId_ThrowsException( Guid organizationId, SutProvider sutProvider) { @@ -164,25 +125,17 @@ public class UpdateSecretsManagerSubscriptionCommandTests MaxAutoscaleSmServiceAccounts = 15, PlanType = PlanType.EnterpriseAnnually }; - var organizationUpdate = new SecretsManagerSubscriptionUpdate - { - OrganizationId = organizationId, - MaxAutoscaleSmSeats = 15, - SmSeatsAdjustment = 1, - MaxAutoscaleSmServiceAccounts = 15, - SmServiceAccountsAdjustment = 1 - }; + var organizationUpdate = new SecretsManagerSubscriptionUpdate( + organization, seatAdjustment: 1, maxAutoscaleSeats: 15, serviceAccountAdjustment: 1, maxAutoscaleServiceAccounts: 15); - sutProvider.GetDependency().GetByIdAsync(organizationId).Returns(organization); - - var exception = await Assert.ThrowsAsync(() => sutProvider.Sut.UpdateSecretsManagerSubscription(organizationUpdate)); + var exception = await Assert.ThrowsAsync(() => sutProvider.Sut.UpdateSubscriptionAsync(organizationUpdate)); Assert.Contains("No payment method found.", exception.Message); await VerifyDependencyNotCalledAsync(sutProvider); } [Theory] [BitAutoData] - public async Task UpdateSecretsManagerSubscription_NullGatewaySubscriptionId_ThrowsException( + public async Task UpdateSubscriptionAsync_NullGatewaySubscriptionId_ThrowsException( Guid organizationId, SutProvider sutProvider) { @@ -197,25 +150,17 @@ public class UpdateSecretsManagerSubscriptionCommandTests PlanType = PlanType.EnterpriseAnnually, GatewayCustomerId = "1" }; - var organizationUpdate = new SecretsManagerSubscriptionUpdate - { - OrganizationId = organizationId, - MaxAutoscaleSmSeats = 15, - SmSeatsAdjustment = 1, - MaxAutoscaleSmServiceAccounts = 15, - SmServiceAccountsAdjustment = 1 - }; + var organizationUpdate = new SecretsManagerSubscriptionUpdate( + organization, seatAdjustment: 1, maxAutoscaleSeats: 15, serviceAccountAdjustment: 1, maxAutoscaleServiceAccounts: 15); - sutProvider.GetDependency().GetByIdAsync(organizationId).Returns(organization); - - var exception = await Assert.ThrowsAsync(() => sutProvider.Sut.UpdateSecretsManagerSubscription(organizationUpdate)); + var exception = await Assert.ThrowsAsync(() => sutProvider.Sut.UpdateSubscriptionAsync(organizationUpdate)); Assert.Contains("No subscription found.", exception.Message); await VerifyDependencyNotCalledAsync(sutProvider); } [Theory] [BitAutoData] - public async Task UpdateSecretsManagerSubscription_OrgWithNullSmSeatOnSeatsAdjustment_ThrowsException( + public async Task UpdateSubscriptionAsync_OrgWithNullSmSeatOnSeatsAdjustment_ThrowsException( Guid organizationId, SutProvider sutProvider) { @@ -228,21 +173,14 @@ public class UpdateSecretsManagerSubscriptionCommandTests MaxAutoscaleSmSeats = 20, MaxAutoscaleSmServiceAccounts = 15, PlanType = PlanType.EnterpriseAnnually, - GatewayCustomerId = "1" + GatewayCustomerId = "1", + GatewaySubscriptionId = "2" }; - var organizationUpdate = new SecretsManagerSubscriptionUpdate - { - OrganizationId = organizationId, - MaxAutoscaleSmSeats = 15, - SmSeatsAdjustment = 1, - MaxAutoscaleSmServiceAccounts = 15, - SmServiceAccountsAdjustment = 1 - }; - - sutProvider.GetDependency().GetByIdAsync(organizationId).Returns(organization); + var organizationUpdate = new SecretsManagerSubscriptionUpdate( + organization, seatAdjustment: 1, maxAutoscaleSeats: 15, serviceAccountAdjustment: 1, maxAutoscaleServiceAccounts: 15); var exception = await Assert.ThrowsAsync( - () => sutProvider.Sut.UpdateSecretsManagerSubscription(organizationUpdate)); + () => sutProvider.Sut.UpdateSubscriptionAsync(organizationUpdate)); Assert.Contains("Organization has no Secrets Manager seat limit, no need to adjust seats", exception.Message); await VerifyDependencyNotCalledAsync(sutProvider); @@ -256,12 +194,11 @@ public class UpdateSecretsManagerSubscriptionCommandTests [BitAutoData(PlanType.EnterpriseAnnually2019)] [BitAutoData(PlanType.TeamsMonthly2019)] [BitAutoData(PlanType.TeamsAnnually2019)] - public async Task UpdateSecretsManagerSubscription_WithNonSecretsManagerPlanType_ThrowsBadRequestException( + public async Task UpdateSubscriptionAsync_WithNonSecretsManagerPlanType_ThrowsBadRequestException( PlanType planType, Guid organizationId, SutProvider sutProvider) { - var organization = new Organization { Id = organizationId, @@ -270,95 +207,68 @@ public class UpdateSecretsManagerSubscriptionCommandTests SmServiceAccounts = 200, MaxAutoscaleSmSeats = 20, MaxAutoscaleSmServiceAccounts = 300, - PlanType = planType, + PlanType = PlanType.EnterpriseAnnually, GatewayCustomerId = "1", GatewaySubscriptionId = "2" }; - var organizationUpdate = new SecretsManagerSubscriptionUpdate - { - OrganizationId = organization.Id, - MaxAutoscaleSmSeats = 15, - SmSeatsAdjustment = 1, - MaxAutoscaleSmServiceAccounts = 300, - SmServiceAccountsAdjustment = 1 - }; + var organizationUpdate = new SecretsManagerSubscriptionUpdate( + organization, seatAdjustment: 1, maxAutoscaleSeats: 15, serviceAccountAdjustment: 1, maxAutoscaleServiceAccounts: 300); + organization.PlanType = planType; - sutProvider.GetDependency().GetByIdAsync(organizationId).Returns(organization); - - var exception = await Assert.ThrowsAsync(() => sutProvider.Sut.UpdateSecretsManagerSubscription(organizationUpdate)); + var exception = await Assert.ThrowsAsync(() => sutProvider.Sut.UpdateSubscriptionAsync(organizationUpdate)); Assert.Contains("Existing plan not found", exception.Message, StringComparison.InvariantCultureIgnoreCase); await VerifyDependencyNotCalledAsync(sutProvider); } [Theory] [BitAutoData(PlanType.Free)] - public async Task UpdateSecretsManagerSubscription_WithHasAdditionalSeatsOptionfalse_ThrowsBadRequestException( + public async Task UpdateSubscriptionAsync_WithHasAdditionalSeatsOptionFalse_ThrowsBadRequestException( PlanType planType, Guid organizationId, SutProvider sutProvider) { - var organization = new Organization { Id = organizationId, UseSecretsManager = true, - SmSeats = 10, - SmServiceAccounts = 200, - MaxAutoscaleSmSeats = 20, - MaxAutoscaleSmServiceAccounts = 300, + SmSeats = 2, + SmServiceAccounts = 3, PlanType = planType, GatewayCustomerId = "1", GatewaySubscriptionId = "2" }; - var organizationUpdate = new SecretsManagerSubscriptionUpdate - { - OrganizationId = organization.Id, - MaxAutoscaleSmSeats = 15, - SmSeatsAdjustment = 1, - MaxAutoscaleSmServiceAccounts = 300, - SmServiceAccountsAdjustment = 1 - }; + var organizationUpdate = new SecretsManagerSubscriptionUpdate( + organization, seatAdjustment: 1, maxAutoscaleSeats: null, serviceAccountAdjustment: 0, maxAutoscaleServiceAccounts: null); - sutProvider.GetDependency().GetByIdAsync(organizationId).Returns(organization); - - var exception = await Assert.ThrowsAsync(() => sutProvider.Sut.UpdateSecretsManagerSubscription(organizationUpdate)); - Assert.Contains("Plan does not allow additional Secrets Manager seats.", exception.Message, StringComparison.InvariantCultureIgnoreCase); + var exception = await Assert.ThrowsAsync(() => sutProvider.Sut.UpdateSubscriptionAsync(organizationUpdate)); + Assert.Contains("You have reached the maximum number of Secrets Manager seats (2) for this plan", + exception.Message, StringComparison.InvariantCultureIgnoreCase); await VerifyDependencyNotCalledAsync(sutProvider); } [Theory] [BitAutoData(PlanType.Free)] - public async Task UpdateSecretsManagerSubscription_WithHasAdditionalServiceAccountOptionFalse_ThrowsBadRequestException( + public async Task UpdateSubscriptionAsync_WithHasAdditionalServiceAccountOptionFalse_ThrowsBadRequestException( PlanType planType, Guid organizationId, SutProvider sutProvider) { - var organization = new Organization { Id = organizationId, UseSecretsManager = true, - SmSeats = 10, - SmServiceAccounts = 200, - MaxAutoscaleSmSeats = 20, - MaxAutoscaleSmServiceAccounts = 300, + SmSeats = 2, + SmServiceAccounts = 3, PlanType = planType, GatewayCustomerId = "1", GatewaySubscriptionId = "2" }; - var organizationUpdate = new SecretsManagerSubscriptionUpdate - { - OrganizationId = organization.Id, - MaxAutoscaleSmSeats = 15, - SmSeatsAdjustment = 0, - MaxAutoscaleSmServiceAccounts = 300, - SmServiceAccountsAdjustment = 1 - }; + var organizationUpdate = new SecretsManagerSubscriptionUpdate( + organization, seatAdjustment: 0, maxAutoscaleSeats: null, serviceAccountAdjustment: 1, maxAutoscaleServiceAccounts: null); - sutProvider.GetDependency().GetByIdAsync(organizationId).Returns(organization); - - var exception = await Assert.ThrowsAsync(() => sutProvider.Sut.UpdateSecretsManagerSubscription(organizationUpdate)); - Assert.Contains("Plan does not allow additional Service Accounts", exception.Message, StringComparison.InvariantCultureIgnoreCase); + var exception = await Assert.ThrowsAsync(() => sutProvider.Sut.UpdateSubscriptionAsync(organizationUpdate)); + Assert.Contains("You have reached the maximum number of service accounts (3) for this plan", + exception.Message, StringComparison.InvariantCultureIgnoreCase); await VerifyDependencyNotCalledAsync(sutProvider); } @@ -367,7 +277,7 @@ public class UpdateSecretsManagerSubscriptionCommandTests [BitAutoData(PlanType.EnterpriseMonthly)] [BitAutoData(PlanType.TeamsMonthly)] [BitAutoData(PlanType.TeamsAnnually)] - public async Task UpdateSecretsManagerSubscription_ValidInput_Passes( + public async Task UpdateSubscriptionAsync_ValidInput_Passes( PlanType planType, Guid organizationId, SutProvider sutProvider) @@ -392,71 +302,89 @@ public class UpdateSecretsManagerSubscriptionCommandTests }; var plan = StaticStore.SecretManagerPlans.FirstOrDefault(x => x.Type == organization.PlanType); - var organizationUpdate = new SecretsManagerSubscriptionUpdate - { - OrganizationId = organizationId, - SmSeatsAdjustment = seatAdjustment, - SmSeats = organization.SmSeats.GetValueOrDefault() + seatAdjustment, - SmSeatsExcludingBase = (organization.SmSeats.GetValueOrDefault() + seatAdjustment) - plan.BaseSeats, - MaxAutoscaleSmSeats = maxAutoscaleSeats, + var organizationUpdate = new SecretsManagerSubscriptionUpdate( + organization, + seatAdjustment: seatAdjustment, maxAutoscaleSeats: maxAutoscaleSeats, + serviceAccountAdjustment: serviceAccountAdjustment, maxAutoscaleServiceAccounts: maxAutoScaleServiceAccounts); - SmServiceAccountsAdjustment = serviceAccountAdjustment, - SmServiceAccounts = organization.SmServiceAccounts.GetValueOrDefault() + serviceAccountAdjustment, - SmServiceAccountsExcludingBase = (organization.SmServiceAccounts.GetValueOrDefault() + serviceAccountAdjustment) - (int)plan.BaseServiceAccount, - MaxAutoscaleSmServiceAccounts = maxAutoScaleServiceAccounts, + await sutProvider.Sut.UpdateSubscriptionAsync(organizationUpdate); - MaxAutoscaleSmSeatsChanged = maxAutoscaleSeats != organization.MaxAutoscaleSeats.GetValueOrDefault(), - MaxAutoscaleSmServiceAccountsChanged = 200 != organization.MaxAutoscaleSmServiceAccounts.GetValueOrDefault() - }; + await sutProvider.GetDependency().Received(1) + .AdjustSeatsAsync(organization, plan, organizationUpdate.SmSeatsExcludingBase); + await sutProvider.GetDependency().Received(1) + .AdjustServiceAccountsAsync(organization, plan, organizationUpdate.SmServiceAccountsExcludingBase); - sutProvider.GetDependency().GetByIdAsync(organizationId).Returns(organization); + // TODO: call ReferenceEventService - see AC-1481 - await sutProvider.Sut.UpdateSecretsManagerSubscription(organizationUpdate); - - if (organizationUpdate.SmSeatsAdjustment != 0) - { - await sutProvider.GetDependency().Received(1) - .AdjustServiceAccountsAsync(organization, plan, organizationUpdate.SmServiceAccountsExcludingBase); - - // TODO: call ReferenceEventService - see AC-1481 - - await sutProvider.GetDependency().Received(1).ReplaceAndUpdateCacheAsync( - Arg.Is(org => org.SmSeats == organizationUpdate.SmSeats)); - } - - if (organizationUpdate.SmServiceAccountsAdjustment != 0) - { - await sutProvider.GetDependency().Received(1) - .AdjustSeatsAsync(organization, plan, organizationUpdate.SmSeatsExcludingBase); - - // TODO: call ReferenceEventService - see AC-1481 - - await sutProvider.GetDependency().Received(1).ReplaceAndUpdateCacheAsync( - Arg.Is(org => - org.SmServiceAccounts == (organizationServiceAccounts + organizationUpdate.SmServiceAccountsAdjustment))); - } - - if (organizationUpdate.MaxAutoscaleSmSeats != organization.MaxAutoscaleSmSeats) - { - await sutProvider.GetDependency().Received(1).ReplaceAndUpdateCacheAsync( - Arg.Is(org => - org.MaxAutoscaleSmSeats == organizationUpdate.MaxAutoscaleSmServiceAccounts)); - } - - if (organizationUpdate.MaxAutoscaleSmServiceAccounts != organization.MaxAutoscaleSmServiceAccounts) - { - await sutProvider.GetDependency().Received(1).ReplaceAndUpdateCacheAsync( - Arg.Is(org => - org.MaxAutoscaleSmServiceAccounts == organizationUpdate.MaxAutoscaleSmServiceAccounts)); - } + AssertUpdatedOrganization(() => Arg.Is(org => + org.Id == organizationId + && org.SmSeats == organizationUpdate.SmSeats + && org.MaxAutoscaleSmSeats == organizationUpdate.MaxAutoscaleSmSeats + && org.SmServiceAccounts == (organizationServiceAccounts + serviceAccountAdjustment) + && org.MaxAutoscaleSmServiceAccounts == organizationUpdate.MaxAutoscaleSmServiceAccounts), sutProvider); await sutProvider.GetDependency().Received(1).SendSecretsManagerMaxSeatLimitReachedEmailAsync(organization, organization.MaxAutoscaleSmSeats.Value, Arg.Any>()); await sutProvider.GetDependency().Received(1).SendSecretsManagerMaxServiceAccountLimitReachedEmailAsync(organization, organization.MaxAutoscaleSmServiceAccounts.Value, Arg.Any>()); } + [Theory] + [BitAutoData(PlanType.EnterpriseAnnually)] + [BitAutoData(PlanType.EnterpriseMonthly)] + [BitAutoData(PlanType.TeamsMonthly)] + [BitAutoData(PlanType.TeamsAnnually)] + public async Task UpdateSubscriptionAsync_ValidInput_WithNullMaxAutoscale_Passes( + PlanType planType, + Guid organizationId, + SutProvider sutProvider) + { + int organizationServiceAccounts = 200; + int seatAdjustment = 5; + int? maxAutoscaleSeats = null; + int serviceAccountAdjustment = 100; + int? maxAutoScaleServiceAccounts = null; + + var organization = new Organization + { + Id = organizationId, + UseSecretsManager = true, + SmSeats = 10, + MaxAutoscaleSmSeats = 20, + SmServiceAccounts = organizationServiceAccounts, + MaxAutoscaleSmServiceAccounts = 350, + PlanType = planType, + GatewayCustomerId = "1", + GatewaySubscriptionId = "2" + }; + + var plan = StaticStore.SecretManagerPlans.FirstOrDefault(x => x.Type == organization.PlanType); + var organizationUpdate = new SecretsManagerSubscriptionUpdate( + organization, + seatAdjustment: seatAdjustment, maxAutoscaleSeats: maxAutoscaleSeats, + serviceAccountAdjustment: serviceAccountAdjustment, maxAutoscaleServiceAccounts: maxAutoScaleServiceAccounts); + + await sutProvider.Sut.UpdateSubscriptionAsync(organizationUpdate); + + await sutProvider.GetDependency().Received(1) + .AdjustSeatsAsync(organization, plan, organizationUpdate.SmSeatsExcludingBase); + await sutProvider.GetDependency().Received(1) + .AdjustServiceAccountsAsync(organization, plan, organizationUpdate.SmServiceAccountsExcludingBase); + + // TODO: call ReferenceEventService - see AC-1481 + + AssertUpdatedOrganization(() => Arg.Is(org => + org.Id == organizationId + && org.SmSeats == organizationUpdate.SmSeats + && org.MaxAutoscaleSmSeats == organizationUpdate.MaxAutoscaleSmSeats + && org.SmServiceAccounts == (organizationServiceAccounts + serviceAccountAdjustment) + && org.MaxAutoscaleSmServiceAccounts == organizationUpdate.MaxAutoscaleSmServiceAccounts), sutProvider); + + await sutProvider.GetDependency().DidNotReceiveWithAnyArgs().SendSecretsManagerMaxSeatLimitReachedEmailAsync(default, default, default); + await sutProvider.GetDependency().DidNotReceiveWithAnyArgs().SendSecretsManagerMaxServiceAccountLimitReachedEmailAsync(default, default, default); + } + [Theory] [BitAutoData] - public async Task UpdateSecretsManagerSubscription_ThrowsBadRequestException_WhenMaxAutoscaleSeatsBelowSeatCount( + public async Task UpdateSubscriptionAsync_ThrowsBadRequestException_WhenMaxAutoscaleSeatsBelowSeatCount( Guid organizationId, SutProvider sutProvider) { @@ -472,30 +400,17 @@ public class UpdateSecretsManagerSubscriptionCommandTests GatewayCustomerId = "1", GatewaySubscriptionId = "2" }; - var plan = StaticStore.SecretManagerPlans.FirstOrDefault(x => x.Type == organization.PlanType); - var update = new SecretsManagerSubscriptionUpdate - { - OrganizationId = organizationId, - MaxAutoscaleSmSeats = 4, - SmSeatsAdjustment = 1, - MaxAutoscaleSmServiceAccounts = 300, - SmServiceAccountsAdjustment = 5, - SmSeats = organization.SmSeats.GetValueOrDefault() + 1, - SmSeatsExcludingBase = (organization.SmSeats.GetValueOrDefault() + 1) - plan.BaseSeats, - SmServiceAccounts = organization.SmServiceAccounts.GetValueOrDefault() + 5, - SmServiceAccountsExcludingBase = (organization.SmServiceAccounts.GetValueOrDefault() + 5) - (int)plan.BaseServiceAccount - }; + var update = new SecretsManagerSubscriptionUpdate( + organization, seatAdjustment: 1, maxAutoscaleSeats: 4, serviceAccountAdjustment: 5, maxAutoscaleServiceAccounts: 300); - sutProvider.GetDependency().GetByIdAsync(organizationId).Returns(organization); - - var exception = await Assert.ThrowsAsync(() => sutProvider.Sut.UpdateSecretsManagerSubscription(update)); + var exception = await Assert.ThrowsAsync(() => sutProvider.Sut.UpdateSubscriptionAsync(update)); Assert.Contains("Cannot set max seat autoscaling below seat count.", exception.Message); await VerifyDependencyNotCalledAsync(sutProvider); } [Theory] [BitAutoData] - public async Task UpdateSecretsManagerSubscription_ThrowsBadRequestException_WhenOccupiedSeatsExceedNewSeatTotal( + public async Task UpdateSubscriptionAsync_ThrowsBadRequestException_WhenOccupiedSeatsExceedNewSeatTotal( Guid organizationId, SutProvider sutProvider) { @@ -508,25 +423,12 @@ public class UpdateSecretsManagerSubscriptionCommandTests GatewaySubscriptionId = "2", PlanType = PlanType.EnterpriseAnnually }; - var plan = StaticStore.SecretManagerPlans.FirstOrDefault(x => x.Type == organization.PlanType); - var update = new SecretsManagerSubscriptionUpdate - { - OrganizationId = organizationId, - MaxAutoscaleSmSeats = 7, - SmSeatsAdjustment = -3, - MaxAutoscaleSmServiceAccounts = 300, - SmServiceAccountsAdjustment = 5, - SmSeats = organization.SmSeats.GetValueOrDefault() - 3, - SmSeatsExcludingBase = (organization.SmSeats.GetValueOrDefault() - 3) - plan.BaseSeats, - SmServiceAccounts = organization.SmServiceAccounts.GetValueOrDefault() + 5, - SmServiceAccountsExcludingBase = (organization.SmServiceAccounts.GetValueOrDefault() + 5) - (int)plan.BaseServiceAccount - }; + var update = new SecretsManagerSubscriptionUpdate( + organization, seatAdjustment: -3, maxAutoscaleSeats: 7, serviceAccountAdjustment: 5, maxAutoscaleServiceAccounts: 300); - sutProvider.GetDependency().GetByIdAsync(organizationId).Returns(organization); sutProvider.GetDependency().GetOccupiedSmSeatCountByOrganizationIdAsync(organizationId).Returns(8); - - var exception = await Assert.ThrowsAsync(() => sutProvider.Sut.UpdateSecretsManagerSubscription(update)); + var exception = await Assert.ThrowsAsync(() => sutProvider.Sut.UpdateSubscriptionAsync(update)); Assert.Contains("Your organization currently has 8 Secrets Manager seats. Your plan only allows 7 Secrets Manager seats. Remove some Secrets Manager users", exception.Message); await VerifyDependencyNotCalledAsync(sutProvider); } @@ -547,23 +449,10 @@ public class UpdateSecretsManagerSubscriptionCommandTests SmServiceAccounts = null, PlanType = PlanType.EnterpriseAnnually }; - var plan = StaticStore.SecretManagerPlans.FirstOrDefault(x => x.Type == organization.PlanType); - var update = new SecretsManagerSubscriptionUpdate - { - OrganizationId = organizationId, - MaxAutoscaleSmSeats = 21, - SmSeatsAdjustment = 10, - MaxAutoscaleSmServiceAccounts = 250, - SmServiceAccountsAdjustment = 1, - SmSeats = organization.SmSeats.GetValueOrDefault() + 10, - SmSeatsExcludingBase = (organization.SmSeats.GetValueOrDefault() + 10) - plan.BaseSeats, - SmServiceAccounts = organization.SmServiceAccounts.GetValueOrDefault() + 1, - SmServiceAccountsExcludingBase = (organization.SmServiceAccounts.GetValueOrDefault() + 1) - (int)plan.BaseServiceAccount - }; + var update = new SecretsManagerSubscriptionUpdate( + organization, seatAdjustment: 10, maxAutoscaleSeats: 21, serviceAccountAdjustment: 1, maxAutoscaleServiceAccounts: 250); - sutProvider.GetDependency().GetByIdAsync(organizationId).Returns(organization); - - var exception = await Assert.ThrowsAsync(() => sutProvider.Sut.UpdateSecretsManagerSubscription(update)); + var exception = await Assert.ThrowsAsync(() => sutProvider.Sut.UpdateSubscriptionAsync(update)); Assert.Contains("Organization has no Service Accounts limit, no need to adjust Service Accounts", exception.Message); await VerifyDependencyNotCalledAsync(sutProvider); } @@ -585,20 +474,10 @@ public class UpdateSecretsManagerSubscriptionCommandTests GatewaySubscriptionId = "2", }; - var organizationUpdate = new SecretsManagerSubscriptionUpdate - { - OrganizationId = organizationId, - MaxAutoscaleSmSeats = 15, - SmSeatsAdjustment = 0, - MaxAutoscaleSmServiceAccounts = 200, - SmServiceAccountsAdjustment = 0, - MaxAutoscaleSmSeatsChanged = 15 != organization.MaxAutoscaleSeats.GetValueOrDefault(), - MaxAutoscaleSmServiceAccountsChanged = 200 != organization.MaxAutoscaleSmServiceAccounts.GetValueOrDefault() - }; + var organizationUpdate = new SecretsManagerSubscriptionUpdate( + organization, seatAdjustment: 0, maxAutoscaleSeats: 15, serviceAccountAdjustment: 0, maxAutoscaleServiceAccounts: 200); - sutProvider.GetDependency().GetByIdAsync(organizationId).Returns(organization); - - var exception = await Assert.ThrowsAsync(() => sutProvider.Sut.UpdateSecretsManagerSubscription(organizationUpdate)); + var exception = await Assert.ThrowsAsync(() => sutProvider.Sut.UpdateSubscriptionAsync(organizationUpdate)); Assert.Contains("Your plan has a Secrets Manager seat limit of 2, but you have specified a max autoscale count of 15.Reduce your max autoscale count.", exception.Message); await VerifyDependencyNotCalledAsync(sutProvider); } @@ -623,20 +502,10 @@ public class UpdateSecretsManagerSubscriptionCommandTests GatewaySubscriptionId = "2" }; - var organizationUpdate = new SecretsManagerSubscriptionUpdate - { - OrganizationId = organizationId, - MaxAutoscaleSmSeats = 1, - SmSeatsAdjustment = 0, - MaxAutoscaleSmServiceAccounts = 300, - SmServiceAccountsAdjustment = 0, - MaxAutoscaleSmSeatsChanged = 1 != organization.MaxAutoscaleSeats.GetValueOrDefault(), - MaxAutoscaleSmServiceAccountsChanged = 200 != organization.MaxAutoscaleSmServiceAccounts.GetValueOrDefault() - }; + var organizationUpdate = new SecretsManagerSubscriptionUpdate( + organization, seatAdjustment: 0, maxAutoscaleSeats: 1, serviceAccountAdjustment: 0, maxAutoscaleServiceAccounts: 300); - sutProvider.GetDependency().GetByIdAsync(organizationId).Returns(organization); - - var exception = await Assert.ThrowsAsync(() => sutProvider.Sut.UpdateSecretsManagerSubscription(organizationUpdate)); + var exception = await Assert.ThrowsAsync(() => sutProvider.Sut.UpdateSubscriptionAsync(organizationUpdate)); Assert.Contains("Your plan does not allow Secrets Manager seat autoscaling", exception.Message); await VerifyDependencyNotCalledAsync(sutProvider); @@ -662,20 +531,10 @@ public class UpdateSecretsManagerSubscriptionCommandTests GatewaySubscriptionId = "2" }; - var organizationUpdate = new SecretsManagerSubscriptionUpdate - { - OrganizationId = organizationId, - MaxAutoscaleSmSeats = null, - SmSeatsAdjustment = 0, - MaxAutoscaleSmServiceAccounts = 300, - SmServiceAccountsAdjustment = 0, - MaxAutoscaleSmSeatsChanged = false, - MaxAutoscaleSmServiceAccountsChanged = 300 != organization.MaxAutoscaleSmServiceAccounts.GetValueOrDefault() - }; + var organizationUpdate = new SecretsManagerSubscriptionUpdate( + organization, seatAdjustment: 0, maxAutoscaleSeats: null, serviceAccountAdjustment: 0, maxAutoscaleServiceAccounts: 300); - sutProvider.GetDependency().GetByIdAsync(organizationId).Returns(organization); - - var exception = await Assert.ThrowsAsync(() => sutProvider.Sut.UpdateSecretsManagerSubscription(organizationUpdate)); + var exception = await Assert.ThrowsAsync(() => sutProvider.Sut.UpdateSubscriptionAsync(organizationUpdate)); Assert.Contains("Your plan does not allow Service Accounts autoscaling.", exception.Message); await VerifyDependencyNotCalledAsync(sutProvider); @@ -696,42 +555,173 @@ public class UpdateSecretsManagerSubscriptionCommandTests Id = organizationId, UseSecretsManager = true, SmSeats = 10, - SmServiceAccounts = 301, MaxAutoscaleSmSeats = 20, + SmServiceAccounts = 301, MaxAutoscaleSmServiceAccounts = 350, PlanType = planType, GatewayCustomerId = "1", GatewaySubscriptionId = "2" }; - var plan = StaticStore.SecretManagerPlans.FirstOrDefault(x => x.Type == organization.PlanType); - var organizationUpdate = new SecretsManagerSubscriptionUpdate - { - OrganizationId = organizationId, - MaxAutoscaleSmSeats = 15, - SmSeatsAdjustment = 5, - MaxAutoscaleSmServiceAccounts = 300, - SmServiceAccountsAdjustment = 100, - SmSeats = organization.SmSeats.GetValueOrDefault() + 5, - SmSeatsExcludingBase = (organization.SmSeats.GetValueOrDefault() + 5) - plan.BaseSeats, - SmServiceAccounts = 300, - SmServiceAccountsExcludingBase = (organization.SmServiceAccounts.GetValueOrDefault() + 100) - (int)plan.BaseServiceAccount, - MaxAutoscaleSmSeatsChanged = 15 != organization.MaxAutoscaleSeats.GetValueOrDefault(), - MaxAutoscaleSmServiceAccountsChanged = 200 != organization.MaxAutoscaleSmServiceAccounts.GetValueOrDefault() - }; + var organizationUpdate = new SecretsManagerSubscriptionUpdate( + organization, seatAdjustment: 5, maxAutoscaleSeats: 15, serviceAccountAdjustment: -100, maxAutoscaleServiceAccounts: 300); var currentServiceAccounts = 301; - sutProvider.GetDependency().GetByIdAsync(organizationId).Returns(organization); sutProvider.GetDependency() .GetServiceAccountCountByOrganizationIdAsync(organization.Id) .Returns(currentServiceAccounts); - var exception = await Assert.ThrowsAsync(() => sutProvider.Sut.UpdateSecretsManagerSubscription(organizationUpdate)); - Assert.Contains("Your organization currently has 301 Service Accounts. Your plan only allows 300 Service Accounts. Remove some Service Accounts", exception.Message); + var exception = await Assert.ThrowsAsync(() => sutProvider.Sut.UpdateSubscriptionAsync(organizationUpdate)); + Assert.Contains("Your organization currently has 301 Service Accounts. Your plan only allows 201 Service Accounts. Remove some Service Accounts", exception.Message); await sutProvider.GetDependency().Received(1).GetServiceAccountCountByOrganizationIdAsync(organization.Id); await VerifyDependencyNotCalledAsync(sutProvider); } + [Theory] + [BitAutoData(PlanType.EnterpriseAnnually)] + [BitAutoData(PlanType.EnterpriseMonthly)] + [BitAutoData(PlanType.TeamsMonthly)] + [BitAutoData(PlanType.TeamsAnnually)] + public async Task AdjustServiceAccountsAsync_WithEnterpriseOrTeamsPlans_Success(PlanType planType, Guid organizationId, + SutProvider sutProvider) + { + var plan = StaticStore.SecretManagerPlans.FirstOrDefault(p => p.Type == planType); + + var organizationSeats = plan.BaseSeats + 10; + var organizationMaxAutoscaleSeats = 20; + var organizationServiceAccounts = plan.BaseServiceAccount.GetValueOrDefault() + 10; + var organizationMaxAutoscaleServiceAccounts = 300; + + var organization = new Organization + { + Id = organizationId, + PlanType = planType, + GatewayCustomerId = "1", + GatewaySubscriptionId = "2", + UseSecretsManager = true, + SmSeats = organizationSeats, + MaxAutoscaleSmSeats = organizationMaxAutoscaleSeats, + SmServiceAccounts = organizationServiceAccounts, + MaxAutoscaleSmServiceAccounts = organizationMaxAutoscaleServiceAccounts + }; + + var smServiceAccountsAdjustment = 10; + var expectedSmServiceAccounts = organizationServiceAccounts + smServiceAccountsAdjustment; + var expectedSmServiceAccountsExcludingBase = expectedSmServiceAccounts - plan.BaseServiceAccount.GetValueOrDefault(); + + await sutProvider.Sut.AdjustServiceAccountsAsync(organization, smServiceAccountsAdjustment); + + await sutProvider.GetDependency().Received(1).AdjustServiceAccountsAsync( + Arg.Is(o => o.Id == organizationId), + plan, + expectedSmServiceAccountsExcludingBase); + // TODO: call ReferenceEventService - see AC-1481 + AssertUpdatedOrganization(() => Arg.Is(o => + o.Id == organizationId + && o.SmSeats == organizationSeats + && o.MaxAutoscaleSmSeats == organizationMaxAutoscaleSeats + && o.SmServiceAccounts == expectedSmServiceAccounts + && o.MaxAutoscaleSmServiceAccounts == organizationMaxAutoscaleServiceAccounts), sutProvider); + } + + [Theory] + [BitAutoData(PlanType.EnterpriseAnnually)] + public async Task ServiceAccountAutoscaling_MaxLimitReached_ThrowsBadRequestException( + PlanType planType, + Organization organization, + SutProvider sutProvider) + { + organization.PlanType = planType; + organization.UseSecretsManager = true; + organization.SmServiceAccounts = 9; + organization.MaxAutoscaleSmServiceAccounts = 10; + + var update = new SecretsManagerSubscriptionUpdate(organization, true); + update.AdjustServiceAccounts(2); + + var exception = await Assert.ThrowsAsync(() => sutProvider.Sut.UpdateSubscriptionAsync(update)); + Assert.Contains("Secrets Manager service account limit has been reached.", exception.Message); + await VerifyDependencyNotCalledAsync(sutProvider); + } + + [Theory] + [BitAutoData(PlanType.EnterpriseAnnually)] + public async Task ServiceAccountAutoscaling_Subtracting_ThrowsBadRequestException( + PlanType planType, + Organization organization, + SutProvider sutProvider) + { + organization.PlanType = planType; + organization.UseSecretsManager = true; + + var update = new SecretsManagerSubscriptionUpdate(organization, true); + update.AdjustServiceAccounts(-2); + + var exception = await Assert.ThrowsAsync(() => sutProvider.Sut.UpdateSubscriptionAsync(update)); + Assert.Contains("Cannot use autoscaling to subtract service accounts.", exception.Message); + await VerifyDependencyNotCalledAsync(sutProvider); + } + + [Theory] + [BitAutoData(PlanType.EnterpriseAnnually)] + public async Task SmSeatAutoscaling_MaxLimitReached_ThrowsBadRequestException( + PlanType planType, + Organization organization, + SutProvider sutProvider) + { + organization.PlanType = planType; + organization.UseSecretsManager = true; + organization.SmSeats = 9; + organization.MaxAutoscaleSmSeats = 10; + + var update = new SecretsManagerSubscriptionUpdate(organization, true); + update.AdjustSeats(2); + + var exception = await Assert.ThrowsAsync(() => sutProvider.Sut.UpdateSubscriptionAsync(update)); + Assert.Contains("Secrets Manager seat limit has been reached.", exception.Message); + await VerifyDependencyNotCalledAsync(sutProvider); + } + + [Theory] + [BitAutoData(PlanType.EnterpriseAnnually)] + public async Task SmSeatAutoscaling_Subtracting_ThrowsBadRequestException( + PlanType planType, + Organization organization, + SutProvider sutProvider) + { + organization.PlanType = planType; + organization.UseSecretsManager = true; + + var update = new SecretsManagerSubscriptionUpdate(organization, true); + update.AdjustSeats(-2); + + var exception = await Assert.ThrowsAsync(() => sutProvider.Sut.UpdateSubscriptionAsync(update)); + Assert.Contains("Cannot use autoscaling to subtract seats.", exception.Message); + await VerifyDependencyNotCalledAsync(sutProvider); + } + + [Theory] + [BitAutoData(false, "Cannot update subscription on a self-hosted instance.")] + [BitAutoData(true, "Cannot autoscale on a self-hosted instance.")] + public async Task UpdatingSubscription_WhenSelfHosted_ThrowsBadRequestException( + bool autoscaling, + string expectedError, + Organization organization, + SutProvider sutProvider) + { + organization.PlanType = PlanType.EnterpriseAnnually; + organization.UseSecretsManager = true; + + var update = new SecretsManagerSubscriptionUpdate(organization, autoscaling); + update.AdjustSeats(2); + + sutProvider.GetDependency().SelfHosted.Returns(true); + + var exception = await Assert.ThrowsAsync(() => sutProvider.Sut.UpdateSubscriptionAsync(update)); + Assert.Contains(expectedError, exception.Message); + await VerifyDependencyNotCalledAsync(sutProvider); + } + private static async Task VerifyDependencyNotCalledAsync(SutProvider sutProvider) { await sutProvider.GetDependency().DidNotReceive() @@ -739,10 +729,17 @@ public class UpdateSecretsManagerSubscriptionCommandTests await sutProvider.GetDependency().DidNotReceive() .AdjustServiceAccountsAsync(Arg.Any(), Arg.Any(), Arg.Any()); // TODO: call ReferenceEventService - see AC-1481 - await sutProvider.GetDependency().DidNotReceive() - .ReplaceAndUpdateCacheAsync(Arg.Any()); await sutProvider.GetDependency().DidNotReceive() .SendOrganizationMaxSeatLimitReachedEmailAsync(Arg.Any(), Arg.Any(), Arg.Any>()); + + sutProvider.GetDependency().DidNotReceiveWithAnyArgs().ReplaceAsync(default); + sutProvider.GetDependency().DidNotReceiveWithAnyArgs().UpsertOrganizationAbilityAsync(default); + } + + private void AssertUpdatedOrganization(Func organizationMatcher, SutProvider sutProvider) + { + sutProvider.GetDependency().Received(1).ReplaceAsync(organizationMatcher()); + sutProvider.GetDependency().Received(1).UpsertOrganizationAbilityAsync(organizationMatcher()); } } diff --git a/test/Core.Test/OrganizationFeatures/OrganizationUsers/CountNewSmSeatsRequiredQueryTests.cs b/test/Core.Test/OrganizationFeatures/OrganizationUsers/CountNewSmSeatsRequiredQueryTests.cs new file mode 100644 index 0000000000..375fcc66a2 --- /dev/null +++ b/test/Core.Test/OrganizationFeatures/OrganizationUsers/CountNewSmSeatsRequiredQueryTests.cs @@ -0,0 +1,110 @@ +using Bit.Core.Entities; +using Bit.Core.Exceptions; +using Bit.Core.OrganizationFeatures.OrganizationUsers; +using Bit.Core.Repositories; +using Bit.Test.Common.AutoFixture; +using Bit.Test.Common.AutoFixture.Attributes; +using NSubstitute; +using Xunit; + +namespace Bit.Core.Test.OrganizationFeatures.OrganizationUsers; + +[SutProviderCustomize] +public class CountNewSmSeatsRequiredQueryTests +{ + [Theory] + [BitAutoData(2, 5, 2, 0)] + [BitAutoData(0, 5, 2, 0)] + [BitAutoData(6, 5, 2, 3)] + [BitAutoData(2, 5, 10, 7)] + public async Task CountNewSmSeatsRequiredAsync_ReturnsCorrectCount( + int usersToAdd, + int organizationSmSeats, + int currentOccupiedSmSeats, + int expectedNewSmSeatsRequired, + Organization organization, + SutProvider sutProvider) + { + organization.UseSecretsManager = true; + organization.SmSeats = organizationSmSeats; + + sutProvider.GetDependency() + .GetByIdAsync(organization.Id) + .Returns(organization); + + sutProvider.GetDependency() + .GetOccupiedSmSeatCountByOrganizationIdAsync(organization.Id) + .Returns(currentOccupiedSmSeats); + + var result = await sutProvider.Sut.CountNewSmSeatsRequiredAsync(organization.Id, usersToAdd); + + Assert.Equal(expectedNewSmSeatsRequired, result); + } + + [Theory] + [BitAutoData(0)] + [BitAutoData(5)] + public async Task CountNewSmSeatsRequiredAsync_WithNullSmSeats_ReturnsZero( + int usersToAdd, + Organization organization, + SutProvider sutProvider) + { + const int expected = 0; + + organization.UseSecretsManager = true; + organization.SmSeats = null; + + sutProvider.GetDependency() + .GetByIdAsync(organization.Id) + .Returns(organization); + + var result = await sutProvider.Sut.CountNewSmSeatsRequiredAsync(organization.Id, usersToAdd); + + Assert.Equal(expected, result); + } + + [Theory, BitAutoData] + public async Task CountNewSmSeatsRequiredAsync_WithNonExistentOrganizationId_ThrowsNotFound( + Guid organizationId, int usersToAdd, + SutProvider sutProvider) + { + await Assert.ThrowsAsync(async () => await sutProvider.Sut.CountNewSmSeatsRequiredAsync(organizationId, usersToAdd)); + } + + [Theory, BitAutoData] + public async Task CountNewSmSeatsRequiredAsync_WithOrganizationUseSecretsManagerFalse_ThrowsNotFound( + Organization organization, int usersToAdd, + SutProvider sutProvider) + { + organization.UseSecretsManager = false; + + sutProvider.GetDependency() + .GetByIdAsync(organization.Id) + .Returns(organization); + + var exception = await Assert.ThrowsAsync(async () => + await sutProvider.Sut.CountNewSmSeatsRequiredAsync(organization.Id, usersToAdd)); + Assert.Contains("Organization does not use Secrets Manager", exception.Message); + } + + [Theory, BitAutoData] + public async Task CountNewSmSeatsRequiredAsync_WithSecretsManagerBeta_ReturnsZero( + int usersToAdd, + Organization organization, + SutProvider sutProvider) + { + organization.UseSecretsManager = true; + organization.SecretsManagerBeta = true; + + sutProvider.GetDependency() + .GetByIdAsync(organization.Id) + .Returns(organization); + + var result = await sutProvider.Sut.CountNewSmSeatsRequiredAsync(organization.Id, usersToAdd); + + Assert.Equal(0, result); + + await sutProvider.GetDependency().DidNotReceiveWithAnyArgs() + .GetOccupiedSmSeatCountByOrganizationIdAsync(default); + } +} diff --git a/test/Core.Test/SecretsManager/Commands/EnableAccessSecretsManager/EnableAccessSecretsManagerCommandTests.cs b/test/Core.Test/SecretsManager/Commands/EnableAccessSecretsManager/EnableAccessSecretsManagerCommandTests.cs deleted file mode 100644 index ae783bc547..0000000000 --- a/test/Core.Test/SecretsManager/Commands/EnableAccessSecretsManager/EnableAccessSecretsManagerCommandTests.cs +++ /dev/null @@ -1,81 +0,0 @@ -using Bit.Core.Entities; -using Bit.Core.Repositories; -using Bit.Core.SecretsManager.Commands.EnableAccessSecretsManager; -using Bit.Test.Common.AutoFixture; -using Bit.Test.Common.AutoFixture.Attributes; -using Bit.Test.Common.Helpers; -using NSubstitute; -using Xunit; - -namespace Bit.Core.Test.SecretsManager.Commands.EnableAccessSecretsManager; - -[SutProviderCustomize] -public class EnableAccessSecretsManagerCommandTests -{ - [Theory] - [BitAutoData] - public async Task EnableUsers_UsersAlreadyEnabled_DoesNotCallRepository( - SutProvider sutProvider, ICollection data) - { - foreach (var item in data) - { - item.AccessSecretsManager = true; - } - - var result = await sutProvider.Sut.EnableUsersAsync(data); - - await sutProvider.GetDependency().DidNotReceiveWithAnyArgs() - .ReplaceManyAsync(default); - - Assert.Equal(data.Count, result.Count); - Assert.Equal(data.Count, - result.Where(x => x.error == "User already has access to Secrets Manager").ToList().Count); - } - - [Theory] - [BitAutoData] - public async Task EnableUsers_OneUserNotEnabled_CallsRepositoryForOne( - SutProvider sutProvider, ICollection data) - { - var firstUser = new List(); - foreach (var item in data) - { - if (item == data.First()) - { - item.AccessSecretsManager = false; - firstUser.Add(item); - } - else - { - item.AccessSecretsManager = true; - } - } - - var result = await sutProvider.Sut.EnableUsersAsync(data); - - await sutProvider.GetDependency().Received(1) - .ReplaceManyAsync(Arg.Is(AssertHelper.AssertPropertyEqual(firstUser))); - - Assert.Equal(data.Count, result.Count); - Assert.Equal(data.Count - 1, - result.Where(x => x.error == "User already has access to Secrets Manager").ToList().Count); - } - - [Theory] - [BitAutoData] - public async Task EnableUsers_Success( - SutProvider sutProvider, ICollection data) - { - foreach (var item in data) - { - item.AccessSecretsManager = false; - } - - var result = await sutProvider.Sut.EnableUsersAsync(data); - - await sutProvider.GetDependency().Received(1) - .ReplaceManyAsync(Arg.Is(AssertHelper.AssertPropertyEqual(data))); - - Assert.Equal(data.Count, result.Count); - } -} diff --git a/test/Core.Test/Services/OrganizationServiceTests.cs b/test/Core.Test/Services/OrganizationServiceTests.cs index b786fdb83e..07548a16d8 100644 --- a/test/Core.Test/Services/OrganizationServiceTests.cs +++ b/test/Core.Test/Services/OrganizationServiceTests.cs @@ -14,6 +14,8 @@ using Bit.Core.Models.Business; using Bit.Core.Models.Data; using Bit.Core.Models.Data.Organizations.OrganizationUsers; using Bit.Core.Models.StaticStore; +using Bit.Core.OrganizationFeatures.OrganizationSubscriptions.Interface; +using Bit.Core.OrganizationFeatures.OrganizationUsers.Interfaces; using Bit.Core.Repositories; using Bit.Core.Services; using Bit.Core.Settings; @@ -27,6 +29,7 @@ using Bit.Core.Utilities; using Bit.Test.Common.AutoFixture; using Bit.Test.Common.AutoFixture.Attributes; using NSubstitute; +using NSubstitute.ExceptionExtensions; using Xunit; using Organization = Bit.Core.Entities.Organization; using OrganizationUser = Bit.Core.Entities.OrganizationUser; @@ -145,6 +148,59 @@ public class OrganizationServiceTests referenceEvent.Users == expectedNewUsersCount)); } + [Theory] + [BitAutoData(PlanType.FamiliesAnnually)] + public async Task SignUp_PM_Family_Passes(PlanType planType, OrganizationSignup signup, SutProvider sutProvider) + { + signup.Plan = planType; + + var passwordManagerPlan = StaticStore.GetPasswordManagerPlan(signup.Plan); + + signup.AdditionalSeats = 0; + signup.PaymentMethodType = PaymentMethodType.Card; + signup.PremiumAccessAddon = false; + signup.UseSecretsManager = false; + + var purchaseOrganizationPlan = StaticStore.Plans.Where(x => x.Type == signup.Plan).ToList(); + + var result = await sutProvider.Sut.SignUpAsync(signup); + + await sutProvider.GetDependency().Received(1).CreateAsync( + Arg.Is(o => + o.Seats == passwordManagerPlan.BaseSeats + signup.AdditionalSeats + && o.SmSeats == null + && o.SmServiceAccounts == null)); + await sutProvider.GetDependency().Received(1).CreateAsync( + Arg.Is(o => o.AccessSecretsManager == signup.UseSecretsManager)); + + await sutProvider.GetDependency().Received(1) + .RaiseEventAsync(Arg.Is(referenceEvent => + referenceEvent.Type == ReferenceEventType.Signup && + referenceEvent.PlanName == passwordManagerPlan.Name && + referenceEvent.PlanType == passwordManagerPlan.Type && + referenceEvent.Seats == result.Item1.Seats && + referenceEvent.Storage == result.Item1.MaxStorageGb)); + // TODO: add reference events for SmSeats and Service Accounts - see AC-1481 + + Assert.NotNull(result); + Assert.NotNull(result.Item1); + Assert.NotNull(result.Item2); + Assert.IsType>(result); + + await sutProvider.GetDependency().Received(1).PurchaseOrganizationAsync( + Arg.Any(), + signup.PaymentMethodType.Value, + signup.PaymentToken, + Arg.Is>(plan => plan.Single() == passwordManagerPlan), + signup.AdditionalStorageGb, + signup.AdditionalSeats, + signup.PremiumAccessAddon, + signup.TaxInfo, + false, + signup.AdditionalSmSeats.GetValueOrDefault(), + signup.AdditionalServiceAccounts.GetValueOrDefault() + ); + } [Theory] [BitAutoData(PlanType.EnterpriseAnnually)] @@ -586,6 +642,97 @@ public class OrganizationServiceTests await sutProvider.GetDependency().Received(1).LogOrganizationUserEventsAsync(Arg.Any>()); } + [Theory, BitAutoData] + public async Task InviteUser_WithSecretsManager_Passes(Organization organization, + IEnumerable<(OrganizationUserInvite invite, string externalId)> invites, + [OrganizationUser(type: OrganizationUserType.Owner, status: OrganizationUserStatusType.Confirmed)] OrganizationUser savingUser, + SutProvider sutProvider) + { + InviteUserHelper_ArrangeValidPermissions(organization, savingUser, sutProvider); + + // Set up some invites to grant access to SM + invites.First().invite.AccessSecretsManager = true; + var invitedSmUsers = invites.First().invite.Emails.Count(); + + // Assume we need to add seats for all invited SM users + sutProvider.GetDependency() + .CountNewSmSeatsRequiredAsync(organization.Id, invitedSmUsers).Returns(invitedSmUsers); + + await sutProvider.Sut.InviteUsersAsync(organization.Id, savingUser.Id, invites); + + sutProvider.GetDependency().Received(1) + .UpdateSubscriptionAsync(Arg.Is(update => + update.SmSeats == organization.SmSeats + invitedSmUsers && + !update.SmServiceAccountsChanged && + !update.MaxAutoscaleSmSeatsChanged && + !update.MaxAutoscaleSmSeatsChanged)); + } + + [Theory, BitAutoData] + public async Task InviteUser_WithSecretsManager_WhenErrorIsThrown_RevertsAutoscaling(Organization organization, + IEnumerable<(OrganizationUserInvite invite, string externalId)> invites, + [OrganizationUser(type: OrganizationUserType.Owner, status: OrganizationUserStatusType.Confirmed)] OrganizationUser savingUser, + SutProvider sutProvider) + { + var initialSmSeats = organization.SmSeats; + InviteUserHelper_ArrangeValidPermissions(organization, savingUser, sutProvider); + + // Set up some invites to grant access to SM + invites.First().invite.AccessSecretsManager = true; + var invitedSmUsers = invites.First().invite.Emails.Count(); + + // Assume we need to add seats for all invited SM users + sutProvider.GetDependency() + .CountNewSmSeatsRequiredAsync(organization.Id, invitedSmUsers).Returns(invitedSmUsers); + + // Mock SecretsManagerSubscriptionUpdateCommand to actually change the organization's subscription in memory + sutProvider.GetDependency() + .UpdateSubscriptionAsync(Arg.Any()) + .ReturnsForAnyArgs(Task.FromResult(0)).AndDoes(x => organization.SmSeats += invitedSmUsers); + + // Throw error at the end of the try block + sutProvider.GetDependency().RaiseEventAsync(default).ThrowsForAnyArgs(); + + await Assert.ThrowsAsync(async () => await sutProvider.Sut.InviteUsersAsync(organization.Id, savingUser.Id, invites)); + + // OrgUser is reverted + // Note: we don't know what their guids are so comparing length is the best we can do + var invitedEmails = invites.SelectMany(i => i.invite.Emails); + sutProvider.GetDependency().Received(1).DeleteManyAsync( + Arg.Is>(ids => ids.Count() == invitedEmails.Count())); + + Received.InOrder(() => + { + // Initial autoscaling + sutProvider.GetDependency() + .UpdateSubscriptionAsync(Arg.Is(update => + update.SmSeats == initialSmSeats + invitedSmUsers && + !update.SmServiceAccountsChanged && + !update.MaxAutoscaleSmSeatsChanged && + !update.MaxAutoscaleSmSeatsChanged)); + + // Revert autoscaling + sutProvider.GetDependency() + .UpdateSubscriptionAsync(Arg.Is(update => + update.SmSeats == initialSmSeats && + !update.SmServiceAccountsChanged && + !update.MaxAutoscaleSmSeatsChanged && + !update.MaxAutoscaleSmSeatsChanged)); + }); + } + + private void InviteUserHelper_ArrangeValidPermissions(Organization organization, OrganizationUser savingUser, + SutProvider sutProvider) + { + savingUser.OrganizationId = organization.Id; + organization.UseCustomPermissions = true; + sutProvider.GetDependency().GetByIdAsync(organization.Id).Returns(organization); + sutProvider.GetDependency().OrganizationOwner(organization.Id).Returns(true); + sutProvider.GetDependency().ManageUsers(organization.Id).Returns(true); + sutProvider.GetDependency().GetManyByOrganizationAsync(savingUser.OrganizationId, OrganizationUserType.Owner) + .Returns(new List { savingUser }); + } + [Theory, BitAutoData] public async Task SaveUser_NoUserId_Throws(OrganizationUser user, Guid? savingUserId, IEnumerable collections, IEnumerable groups, SutProvider sutProvider) @@ -1534,4 +1681,154 @@ public class OrganizationServiceTests Assert.Equal(includeProvider, result); } + [Theory] + [BitAutoData(PlanType.EnterpriseAnnually2019)] + public void ValidateSecretsManagerPlan_ThrowsException_WhenInvalidPlanSelected( + PlanType planType, SutProvider sutProvider) + { + var plan = StaticStore.Plans.FirstOrDefault(x => x.Type == planType); + + var signup = new OrganizationUpgrade + { + UseSecretsManager = true, + AdditionalSmSeats = 1, + AdditionalServiceAccounts = 10, + AdditionalSeats = 1 + }; + + var exception = Assert.Throws(() => sutProvider.Sut.ValidateSecretsManagerPlan(plan, signup)); + Assert.Contains("Invalid Secrets Manager plan selected.", exception.Message); + } + + [Theory] + [BitAutoData(PlanType.TeamsAnnually)] + [BitAutoData(PlanType.TeamsMonthly)] + [BitAutoData(PlanType.EnterpriseAnnually)] + [BitAutoData(PlanType.EnterpriseMonthly)] + public void ValidateSecretsManagerPlan_ThrowsException_WhenNoSecretsManagerSeats(PlanType planType, SutProvider sutProvider) + { + var plan = StaticStore.SecretManagerPlans.FirstOrDefault(x => x.Type == planType); + var signup = new OrganizationUpgrade + { + UseSecretsManager = true, + AdditionalSmSeats = 0, + AdditionalServiceAccounts = 5, + AdditionalSeats = 2 + }; + + var exception = Assert.Throws(() => sutProvider.Sut.ValidateSecretsManagerPlan(plan, signup)); + Assert.Contains("You do not have any Secrets Manager seats!", exception.Message); + } + + [Theory] + [BitAutoData(PlanType.Free)] + public void ValidateSecretsManagerPlan_ThrowsException_WhenSubtractingSeats(PlanType planType, SutProvider sutProvider) + { + var plan = StaticStore.SecretManagerPlans.FirstOrDefault(x => x.Type == planType); + var signup = new OrganizationUpgrade + { + UseSecretsManager = true, + AdditionalSmSeats = -1, + AdditionalServiceAccounts = 5 + }; + var exception = Assert.Throws(() => sutProvider.Sut.ValidateSecretsManagerPlan(plan, signup)); + Assert.Contains("You can't subtract Secrets Manager seats!", exception.Message); + } + + [Theory] + [BitAutoData(PlanType.Free)] + public void ValidateSecretsManagerPlan_ThrowsException_WhenPlanDoesNotAllowAdditionalServiceAccounts( + PlanType planType, + SutProvider sutProvider) + { + var plan = StaticStore.SecretManagerPlans.FirstOrDefault(x => x.Type == planType); + var signup = new OrganizationUpgrade + { + UseSecretsManager = true, + AdditionalSmSeats = 2, + AdditionalServiceAccounts = 5, + AdditionalSeats = 3 + }; + var exception = Assert.Throws(() => sutProvider.Sut.ValidateSecretsManagerPlan(plan, signup)); + Assert.Contains("Plan does not allow additional Service Accounts.", exception.Message); + } + + [Theory] + [BitAutoData(PlanType.TeamsAnnually)] + [BitAutoData(PlanType.TeamsMonthly)] + [BitAutoData(PlanType.EnterpriseAnnually)] + [BitAutoData(PlanType.EnterpriseMonthly)] + public void ValidateSecretsManagerPlan_ThrowsException_WhenMoreSeatsThanPasswordManagerSeats(PlanType planType, SutProvider sutProvider) + { + var plan = StaticStore.SecretManagerPlans.FirstOrDefault(x => x.Type == planType); + var signup = new OrganizationUpgrade + { + UseSecretsManager = true, + AdditionalSmSeats = 4, + AdditionalServiceAccounts = 5, + AdditionalSeats = 3 + }; + var exception = Assert.Throws(() => sutProvider.Sut.ValidateSecretsManagerPlan(plan, signup)); + Assert.Contains("You cannot have more Secrets Manager seats than Password Manager seats.", exception.Message); + } + + [Theory] + [BitAutoData(PlanType.TeamsAnnually)] + [BitAutoData(PlanType.TeamsMonthly)] + [BitAutoData(PlanType.EnterpriseAnnually)] + [BitAutoData(PlanType.EnterpriseMonthly)] + public void ValidateSecretsManagerPlan_ThrowsException_WhenSubtractingServiceAccounts( + PlanType planType, + SutProvider sutProvider) + { + var plan = StaticStore.SecretManagerPlans.FirstOrDefault(x => x.Type == planType); + var signup = new OrganizationUpgrade + { + UseSecretsManager = true, + AdditionalSmSeats = 4, + AdditionalServiceAccounts = -5, + AdditionalSeats = 5 + }; + var exception = Assert.Throws(() => sutProvider.Sut.ValidateSecretsManagerPlan(plan, signup)); + Assert.Contains("You can't subtract Service Accounts!", exception.Message); + } + + [Theory] + [BitAutoData(PlanType.Free)] + public void ValidateSecretsManagerPlan_ThrowsException_WhenPlanDoesNotAllowAdditionalUsers( + PlanType planType, + SutProvider sutProvider) + { + var plan = StaticStore.SecretManagerPlans.FirstOrDefault(x => x.Type == planType); + var signup = new OrganizationUpgrade + { + UseSecretsManager = true, + AdditionalSmSeats = 2, + AdditionalServiceAccounts = 0, + AdditionalSeats = 5 + }; + var exception = Assert.Throws(() => sutProvider.Sut.ValidateSecretsManagerPlan(plan, signup)); + Assert.Contains("Plan does not allow additional users.", exception.Message); + } + + [Theory] + [BitAutoData(PlanType.TeamsAnnually)] + [BitAutoData(PlanType.TeamsMonthly)] + [BitAutoData(PlanType.EnterpriseAnnually)] + [BitAutoData(PlanType.EnterpriseMonthly)] + public void ValidateSecretsManagerPlan_ValidPlan_NoExceptionThrown( + PlanType planType, + SutProvider sutProvider) + { + var plan = StaticStore.SecretManagerPlans.FirstOrDefault(x => x.Type == planType); + var signup = new OrganizationUpgrade + { + UseSecretsManager = true, + AdditionalSmSeats = 2, + AdditionalServiceAccounts = 0, + AdditionalSeats = 4 + }; + + sutProvider.Sut.ValidateSecretsManagerPlan(plan, signup); + } }