mirror of
https://github.com/bitwarden/server.git
synced 2025-07-02 08:32:50 -05:00
[AC-1512] Feature: Secrets Manager Billing - round 2 (#3119)
* [AC-1423] Add AddonProduct and BitwardenProduct properties to BillingSubscriptionItem (#3037)
* [AC-1423] Add AddonProduct and BitwardenProduct properties to BillingSubscriptionItem
- Add a helper method to determine the appropriate addon type based on the subscription items StripeId
* [AC-1423] Add helper to StaticStore.cs to find a Plan by StripePlanId
* [AC-1423] Use the helper method to set SubscriptionInfo.BitwardenProduct
* Add SecretsManagerBilling feature flag to Constants
* [AC 1409] Secrets Manager Subscription Stripe Integration (#3019)
* Adding the Secret manager to the Plan List
* Adding the unit test for the StaticStoreTests class
* Fix whitespace formatting
* Fix whitespace formatting
* Price update
* Resolving the PR comments
* Resolving PR comments
* Fixing the whitespace
* only password manager plans are return for now
* format whitespace
* Resolve the test issue
* Fixing the failing test
* Refactoring the Plan separation
* add a unit test for SingleOrDefault
* Fix the whitespace format
* Separate the PM and SM plans
* Fixing the whitespace
* Remove unnecessary directive
* Fix imports ordering
* Fix imports ordering
* Resolve imports ordering
* Fixing imports ordering
* Fix response model, add MaxProjects
* Fix filename
* Fix format
* Fix: seat price should match annual/monthly
* Fix service account annual pricing
* Changes for secret manager signup and upgradeplan
* Changes for secrets manager signup and upgrade
* refactoring the code
* Format whitespace
* remove unnecessary using directive
* Resolve the PR comment on Subscription creation
* Resolve PR comment
* Add password manager to the error message
* Add UseSecretsManager to the event log
* Resolve PR comment on plan validation
* Resolving pr comments for service account count
* Resolving pr comments for service account count
* Resolve the pr comments
* Remove the store procedure that is no-longer needed
* Rename a property properly
* Resolving the PR comment
* Resolve PR comments
* Resolving PR comments
* Resolving the Pr comments
* Resolving some PR comments
* Resolving the PR comments
* Resolving the build identity build
* Add additional Validation
* Resolve the Lint issues
* remove unnecessary using directive
* Remove the white spaces
* Adding unit test for the stripe payment
* Remove the incomplete test
* Fixing the failing test
* Fix the failing test
* Fix the fail test on organization service
* Fix the failing unit test
* Fix the whitespace format
* Fix the failing test
* Fix the whitespace format
* resolve pr comments
* Fix the lint message
* Resolve the PR comments
* resolve pr comments
* Resolve pr comments
* Resolve the pr comments
* remove unused code
* Added for sm validation test
* Fix the whitespace format issues
---------
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
* SM-802: Add SecretsManagerBetaColumn SQL migration and Org table update
* SM-802: Run EF Migrations for SecretsManagerBeta
* SM-802: Update the two Org procs and View, and move data migration to a separate file
* SM-802: Add missing comma to Organization_Create
* [AC-1418] Add missing SecretsManagerPlan property to OrganizationResponseModel (#3055)
* SM-802: Remove extra GO statement from data migration script
* [AC 1460] Update Stripe Configuration (#3070)
* change the stripeseat id
* change service accountId to align with new product
* make all the Id name for consistent
* SM-802: Add SecretsManagerBeta to OrganizationResponseModel
* SM-802: Move SecretsManagerBeta from OrganizationResponseModel to OrganizationSubscriptionResponseModel. Use sp_refreshview instead of sp_refreshsqlmodule in the migration script.
* SM-802: Remove OrganizationUserOrganizationDetailsView.sql changes
* [AC 1410] Secrets Manager subscription adjustment back-end changes (#3036)
* Create UpgradeSecretsManagerSubscription command
---------
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
* SM-802: Remove SecretsManagerBetaColumn migration
* SM-802: Add SecretsManagerBetaColumn migration
* SM-802: Remove OrganizationUserOrganizationDetailsView update
* [AC-1495] Extract UpgradePlanAsync into a command (#3081)
* This is a pure lift & shift with no refactors
* Only register subscription commands in Api
---------
Co-authored-by: cyprain-okeke <cokeke@bitwarden.com>
* [AC-1503] Fix Stripe integration on organization upgrade (#3084)
* Fix SM parameters not being passed to Stripe
* Fix flaky test
* Fix error message
* [AC-1504] Allow SM max autoscale limits to be disabled (#3085)
* [AC-1488] Changed SM Signup and Upgrade paths to set SmServiceAccounts to include the plan BaseServiceAccount (#3086)
* [AC-1510] Enable access to Secrets Manager to Organization owner for new Subscription (#3089)
* Revert changes to ReferenceEvent code (#3091)
* Revert changes to ReferenceEvent code
This will be done in AC-1481
* Revert ReferenceEventType change
* Move NoopServiceAccountRepository to SM and update namespace
* [AC-1462] Add secrets manager service accounts autoscaling commands (#3059)
* Adding the Secret manager to the Plan List
* Adding the unit test for the StaticStoreTests class
* Fix whitespace formatting
* Fix whitespace formatting
* Price update
* Resolving the PR comments
* Resolving PR comments
* Fixing the whitespace
* only password manager plans are return for now
* format whitespace
* Resolve the test issue
* Fixing the failing test
* Refactoring the Plan separation
* add a unit test for SingleOrDefault
* Fix the whitespace format
* Separate the PM and SM plans
* Fixing the whitespace
* Remove unnecessary directive
* Fix imports ordering
* Fix imports ordering
* Resolve imports ordering
* Fixing imports ordering
* Fix response model, add MaxProjects
* Fix filename
* Fix format
* Fix: seat price should match annual/monthly
* Fix service account annual pricing
* Changes for secret manager signup and upgradeplan
* Changes for secrets manager signup and upgrade
* refactoring the code
* Format whitespace
* remove unnecessary using directive
* Changes for subscription Update
* Update the seatAdjustment and update
* Resolve the PR comment on Subscription creation
* Resolve PR comment
* Add password manager to the error message
* Add UseSecretsManager to the event log
* Resolve PR comment on plan validation
* Resolving pr comments for service account count
* Resolving pr comments for service account count
* Resolve the pr comments
* Remove the store procedure that is no-longer needed
* Add a new class for update subscription
* Modify the Update subscription for sm
* Add the missing property
* Rename a property properly
* Resolving the PR comment
* Resolve PR comments
* Resolving PR comments
* Resolving the Pr comments
* Resolving some PR comments
* Resolving the PR comments
* Resolving the build identity build
* Add additional Validation
* Resolve the Lint issues
* remove unnecessary using directive
* Remove the white spaces
* Adding unit test for the stripe payment
* Remove the incomplete test
* Fixing the failing test
* Fix the failing test
* Fix the fail test on organization service
* Fix the failing unit test
* Fix the whitespace format
* Fix the failing test
* Fix the whitespace format
* resolve pr comments
* Fix the lint message
* refactor the code
* Fix the failing Test
* adding a new endpoint
* Remove the unwanted code
* Changes for Command and Queries
* changes for command and queries
* Fix the Lint issues
* Fix imports ordering
* Resolve the PR comments
* resolve pr comments
* Resolve pr comments
* Fix the failing test on adjustSeatscommandtests
* Fix the failing test
* Fix the whitespaces
* resolve failing test
* rename a property
* Resolve the pr comments
* refactoring the existing implementation
* Resolve the whitespaces format issue
* Resolve the pr comments
* [AC-1462] Created IAvailableServiceAccountsQuery along its implementation and with unit tests
* [AC-1462] Renamed ICountNewServiceAccountSlotsRequiredQuery
* [AC-1462] Added IAutoscaleServiceAccountsCommand and implementation
* Add more unit testing
* fix the whitespaces issues
* [AC-1462] Added unit tests for AutoscaleServiceAccountsCommand
* Add more unit test
* Remove unnecessary directive
* Resolve some pr comments
* Adding more unit test
* adding more test
* add more test
* Resolving some pr comments
* Resolving some pr comments
* Resolving some pr comments
* resolve some pr comments
* Resolving pr comments
* remove whitespaces
* remove white spaces
* Resolving pr comments
* resolving pr comments and fixing white spaces
* resolving the lint error
* Run dotnet format
* resolving the pr comments
* Add a missing properties to plan response model
* Add the email sender for sm seat and service acct
* Add the email sender for sm seat and service acct
* Fix the failing test after email sender changes
* Add staticstorewrapper to properly test the plans
* Add more test and validate the existing test
* Fix the white spaces issues
* Remove staticstorewrapper and fix the test
* fix a null issue on autoscaling
* Suggestion: do all seat calculations in update model
* Resolve some pr comments
* resolving some pr comments
* Return value is unnecessary
* Resolve the failing test
* resolve pr comments
* Resolve the pr comments
* Resolving admin api failure and adding more test
* Resolve the issue failing admin project
* Fixing the failed test
* Clarify naming and add comments
* Clarify naming conventions
* Dotnet format
* Fix the failing dependency
* remove similar test
* [AC-1462] Rewrote AutoscaleServiceAccountsCommand to use UpdateSecretsManagerSubscriptionCommand which has the same logic
* [AC-1462] Deleted IAutoscaleServiceAccountsCommand as the logic will be moved to UpdateSecretsManagerSubscriptionCommand
* [AC-1462] Created method AdjustSecretsManagerServiceAccountsAsync
* [AC-1462] Changed SecretsManagerSubscriptionUpdate to only be set by its constructor
* [AC-1462] Added check to CountNewServiceAccountSlotsRequiredQuery and revised unit tests
* [AC-1462] Revised logic for CountNewServiceAccountSlotsRequiredQuery and fixed unit tests
* [AC-1462] Changed SecretsManagerSubscriptionUpdate to receive Organization as a parameter and fixed the unit tests
* [AC-1462] Renamed IUpdateSecretsManagerSubscriptionCommand methods UpdateSubscriptionAsync and AdjustServiceAccountsAsync
* [AC-1462] Rewrote unit test UpdateSubscriptionAsync_ValidInput_Passes
* [AC-1462] Registered CountNewServiceAccountSlotsRequiredQuery for dependency injection
* [AC-1462] Added parameter names to SecretsManagerSubscriptionUpdateRequestModel
* [AC-1462] Updated SecretsManagerSubscriptionUpdate logic to handle null parameters. Revised the unit tests to test null values
---------
Co-authored-by: cyprain-okeke <cokeke@bitwarden.com>
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
* Add UsePasswordManager to sync data (#3114)
* [AC-1522] Fix service account check on upgrading (#3111)
* Resolved the checkmarx issues
* [AC-1521] Address checkmarx security feedback (#3124)
* Reinstate target attribute but add noopener noreferrer
* Update date on migration script
* Remove unused constant
* Revert "Remove unused constant"
This reverts commit 4fcb9da4d6.
This is required to make feature flags work on the client
* [AC-1458] Add Endpoint And Service Logic for secrets manager to existing subscription (#3087)
---------
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
* Remove duplicate migrations from incorrectly resolved merge
* [AC-1468] Modified CountNewServiceAccountSlotsRequiredQuery to return zero if organization has SecretsManagerBeta == true (#3112)
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
* [Ac 1563] Unable to load billing and subscription related pages for non-enterprise organizations (#3138)
* Resolve the failing family plan
* resolve issues
* Resolve code related pr comments
* Resolve test related comments
* Resolving or comments
* [SM-809] Add service account slot limit check (#3093)
* Add service account slot limit check
* Add query to DI
* [AC-1462] Registered CountNewServiceAccountSlotsRequiredQuery for dependency injection
* remove duplicate DI entry
* Update unit tests
* Remove comment
* Code review updates
---------
Co-authored-by: cyprain-okeke <cokeke@bitwarden.com>
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
Co-authored-by: Rui Tome <rtome@bitwarden.com>
* [AC-1461] Secrets manager seat autoscaling (#3121)
* Add autoscaling code to invite user, save user, and bulk enable SM
flows
* Add tests
* Delete command for BulkEnableSecretsManager
* circular dependency between OrganizationService and
UpdateSecretsManagerSubscriptionCommand - fixed by temporarily
duplicating ReplaceAndUpdateCache
* Unresolvable dependencies in other services - fixed by temporarily
registering noop services and moving around some DI code
All should be resolved in PM-1880
* Refactor: improve the update object and use it to adjust values,
remove excess interfaces on the command
* Handle autoscaling-specific errors
---------
Co-authored-by: Rui Tomé <108268980+r-tome@users.noreply.github.com>
* Move bitwarden_license include reference into conditional block
* [AC 1526]Show current SM seat and service account usage in Bitwarden Portal (#3142)
* changes base on the tickets request
* Code refactoring
* Removed the unwanted method
* Add implementation to the new method
* Resolve some pr comments
* resolve lint issue
* resolve pr comments
* add the new noop files
* Add new noop file and resolve some pr comments
* resolve pr comments
* removed unused method
---------
Co-authored-by: Shane Melton <smelton@bitwarden.com>
Co-authored-by: cyprain-okeke <108260115+cyprain-okeke@users.noreply.github.com>
Co-authored-by: Colton Hurst <colton@coltonhurst.com>
Co-authored-by: cyprain-okeke <cokeke@bitwarden.com>
Co-authored-by: Rui Tomé <108268980+r-tome@users.noreply.github.com>
Co-authored-by: Conner Turnbull <cturnbull@bitwarden.com>
Co-authored-by: Rui Tome <rtome@bitwarden.com>
Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
This commit is contained in:
Thomas Rittson
@ -1,5 +1,4 @@
|
||||
#nullable enable
|
||||
using Bit.Core.Entities;
|
||||
using Bit.Core.Entities;
|
||||
using Bit.Core.Enums;
|
||||
using Bit.Core.Exceptions;
|
||||
using Bit.Core.Models.Business;
|
||||
@ -8,6 +7,7 @@ using Bit.Core.OrganizationFeatures.OrganizationSubscriptions.Interface;
|
||||
using Bit.Core.Repositories;
|
||||
using Bit.Core.SecretsManager.Repositories;
|
||||
using Bit.Core.Services;
|
||||
using Bit.Core.Settings;
|
||||
using Bit.Core.Utilities;
|
||||
using Microsoft.Extensions.Logging;
|
||||
|
||||
@ -15,86 +15,57 @@ namespace Bit.Core.OrganizationFeatures.OrganizationSubscriptions;
|
||||
|
||||
public class UpdateSecretsManagerSubscriptionCommand : IUpdateSecretsManagerSubscriptionCommand
|
||||
{
|
||||
private readonly IOrganizationRepository _organizationRepository;
|
||||
private readonly IOrganizationUserRepository _organizationUserRepository;
|
||||
private readonly IPaymentService _paymentService;
|
||||
private readonly IOrganizationService _organizationService;
|
||||
private readonly IMailService _mailService;
|
||||
private readonly ILogger<UpdateSecretsManagerSubscriptionCommand> _logger;
|
||||
private readonly IServiceAccountRepository _serviceAccountRepository;
|
||||
private readonly IGlobalSettings _globalSettings;
|
||||
private readonly IOrganizationRepository _organizationRepository;
|
||||
private readonly IApplicationCacheService _applicationCacheService;
|
||||
private readonly IEventService _eventService;
|
||||
|
||||
public UpdateSecretsManagerSubscriptionCommand(
|
||||
IOrganizationRepository organizationRepository,
|
||||
IOrganizationService organizationService,
|
||||
IOrganizationUserRepository organizationUserRepository,
|
||||
IPaymentService paymentService,
|
||||
IMailService mailService,
|
||||
ILogger<UpdateSecretsManagerSubscriptionCommand> logger,
|
||||
IServiceAccountRepository serviceAccountRepository)
|
||||
IServiceAccountRepository serviceAccountRepository,
|
||||
IGlobalSettings globalSettings,
|
||||
IOrganizationRepository organizationRepository,
|
||||
IApplicationCacheService applicationCacheService,
|
||||
IEventService eventService)
|
||||
{
|
||||
_organizationRepository = organizationRepository;
|
||||
_organizationUserRepository = organizationUserRepository;
|
||||
_paymentService = paymentService;
|
||||
_organizationService = organizationService;
|
||||
_mailService = mailService;
|
||||
_logger = logger;
|
||||
_serviceAccountRepository = serviceAccountRepository;
|
||||
_globalSettings = globalSettings;
|
||||
_organizationRepository = organizationRepository;
|
||||
_applicationCacheService = applicationCacheService;
|
||||
_eventService = eventService;
|
||||
}
|
||||
|
||||
public async Task UpdateSecretsManagerSubscription(SecretsManagerSubscriptionUpdate update)
|
||||
public async Task UpdateSubscriptionAsync(SecretsManagerSubscriptionUpdate update)
|
||||
{
|
||||
var organization = await _organizationRepository.GetByIdAsync(update.OrganizationId);
|
||||
await ValidateUpdate(update);
|
||||
|
||||
ValidateOrganization(organization);
|
||||
await FinalizeSubscriptionAdjustmentAsync(update.Organization, update.Plan, update);
|
||||
|
||||
var plan = GetPlanForOrganization(organization);
|
||||
|
||||
if (update.SmSeatsChanged)
|
||||
{
|
||||
await ValidateSmSeatsUpdateAsync(organization, update, plan);
|
||||
}
|
||||
|
||||
if (update.SmServiceAccountsChanged)
|
||||
{
|
||||
await ValidateSmServiceAccountsUpdateAsync(organization, update, plan);
|
||||
}
|
||||
|
||||
if (update.MaxAutoscaleSmSeatsChanged)
|
||||
{
|
||||
ValidateMaxAutoscaleSmSeatsUpdateAsync(organization, update.MaxAutoscaleSmSeats, plan);
|
||||
}
|
||||
|
||||
if (update.MaxAutoscaleSmServiceAccountsChanged)
|
||||
{
|
||||
ValidateMaxAutoscaleSmServiceAccountUpdate(organization, update.MaxAutoscaleSmServiceAccounts, plan);
|
||||
}
|
||||
|
||||
await FinalizeSubscriptionAdjustmentAsync(organization, plan, update);
|
||||
|
||||
await SendEmailIfAutoscaleLimitReached(organization);
|
||||
await SendEmailIfAutoscaleLimitReached(update.Organization);
|
||||
}
|
||||
|
||||
private Plan GetPlanForOrganization(Organization organization)
|
||||
public async Task AdjustServiceAccountsAsync(Organization organization, int smServiceAccountsAdjustment)
|
||||
{
|
||||
var plan = StaticStore.SecretManagerPlans.FirstOrDefault(p => p.Type == organization.PlanType);
|
||||
if (plan == null)
|
||||
var update = new SecretsManagerSubscriptionUpdate(
|
||||
organization, seatAdjustment: 0, maxAutoscaleSeats: organization?.MaxAutoscaleSmSeats,
|
||||
serviceAccountAdjustment: smServiceAccountsAdjustment, maxAutoscaleServiceAccounts: organization?.MaxAutoscaleSmServiceAccounts)
|
||||
{
|
||||
throw new BadRequestException("Existing plan not found.");
|
||||
}
|
||||
return plan;
|
||||
}
|
||||
Autoscaling = true
|
||||
};
|
||||
|
||||
private static void ValidateOrganization(Organization organization)
|
||||
{
|
||||
if (organization == null)
|
||||
{
|
||||
throw new NotFoundException("Organization is not found");
|
||||
}
|
||||
|
||||
if (!organization.UseSecretsManager)
|
||||
{
|
||||
throw new BadRequestException("Organization has no access to Secrets Manager.");
|
||||
}
|
||||
await UpdateSubscriptionAsync(update);
|
||||
}
|
||||
|
||||
private async Task FinalizeSubscriptionAdjustmentAsync(Organization organization,
|
||||
@ -122,13 +93,13 @@ public class UpdateSecretsManagerSubscriptionCommand : IUpdateSecretsManagerSubs
|
||||
organization.MaxAutoscaleSmServiceAccounts = update.MaxAutoscaleSmServiceAccounts;
|
||||
}
|
||||
|
||||
await _organizationService.ReplaceAndUpdateCacheAsync(organization);
|
||||
await ReplaceAndUpdateCacheAsync(organization);
|
||||
}
|
||||
|
||||
private async Task ProcessChargesAndRaiseEventsForAdjustSeatsAsync(Organization organization, Plan plan,
|
||||
SecretsManagerSubscriptionUpdate update)
|
||||
{
|
||||
await _paymentService.AdjustSeatsAsync(organization, plan, update.SmSeatsExcludingBase);
|
||||
await _paymentService.AdjustSeatsAsync(organization, plan, update.SmSeatsExcludingBase, update.ProrationDate);
|
||||
|
||||
// TODO: call ReferenceEventService - see AC-1481
|
||||
}
|
||||
@ -137,7 +108,7 @@ public class UpdateSecretsManagerSubscriptionCommand : IUpdateSecretsManagerSubs
|
||||
SecretsManagerSubscriptionUpdate update)
|
||||
{
|
||||
await _paymentService.AdjustServiceAccountsAsync(organization, plan,
|
||||
update.SmServiceAccountsExcludingBase);
|
||||
update.SmServiceAccountsExcludingBase, update.ProrationDate);
|
||||
|
||||
// TODO: call ReferenceEventService - see AC-1481
|
||||
}
|
||||
@ -170,7 +141,6 @@ public class UpdateSecretsManagerSubscriptionCommand : IUpdateSecretsManagerSubs
|
||||
{
|
||||
_logger.LogError(e, $"Error encountered notifying organization owners of Seats limit reached.");
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
private async Task SendServiceAccountLimitEmailAsync(Organization organization, int MaxAutoscaleValue)
|
||||
@ -191,16 +161,59 @@ public class UpdateSecretsManagerSubscriptionCommand : IUpdateSecretsManagerSubs
|
||||
|
||||
}
|
||||
|
||||
private async Task ValidateSmSeatsUpdateAsync(Organization organization, SecretsManagerSubscriptionUpdate update, Plan plan)
|
||||
public async Task ValidateUpdate(SecretsManagerSubscriptionUpdate update)
|
||||
{
|
||||
if (organization.SmSeats == null)
|
||||
if (_globalSettings.SelfHosted)
|
||||
{
|
||||
throw new BadRequestException("Organization has no Secrets Manager seat limit, no need to adjust seats");
|
||||
var message = update.Autoscaling
|
||||
? "Cannot autoscale on a self-hosted instance."
|
||||
: "Cannot update subscription on a self-hosted instance.";
|
||||
throw new BadRequestException(message);
|
||||
}
|
||||
|
||||
if (update.MaxAutoscaleSmSeats.HasValue && update.SmSeats > update.MaxAutoscaleSmSeats.Value)
|
||||
var organization = update.Organization;
|
||||
ValidateOrganization(organization);
|
||||
|
||||
var plan = GetPlanForOrganization(organization);
|
||||
|
||||
if (update.SmSeatsChanged)
|
||||
{
|
||||
throw new BadRequestException("Cannot set max seat autoscaling below seat count.");
|
||||
await ValidateSmSeatsUpdateAsync(organization, update, plan);
|
||||
}
|
||||
|
||||
if (update.SmServiceAccountsChanged)
|
||||
{
|
||||
await ValidateSmServiceAccountsUpdateAsync(organization, update, plan);
|
||||
}
|
||||
|
||||
if (update.MaxAutoscaleSmSeatsChanged)
|
||||
{
|
||||
ValidateMaxAutoscaleSmSeatsUpdateAsync(organization, update.MaxAutoscaleSmSeats, plan);
|
||||
}
|
||||
|
||||
if (update.MaxAutoscaleSmServiceAccountsChanged)
|
||||
{
|
||||
ValidateMaxAutoscaleSmServiceAccountUpdate(organization, update.MaxAutoscaleSmServiceAccounts, plan);
|
||||
}
|
||||
}
|
||||
|
||||
private void ValidateOrganization(Organization organization)
|
||||
{
|
||||
if (organization == null)
|
||||
{
|
||||
throw new NotFoundException("Organization is not found.");
|
||||
}
|
||||
|
||||
if (!organization.UseSecretsManager)
|
||||
{
|
||||
throw new BadRequestException("Organization has no access to Secrets Manager.");
|
||||
}
|
||||
|
||||
var plan = GetPlanForOrganization(organization);
|
||||
if (plan.Product == ProductType.Free)
|
||||
{
|
||||
// No need to check the organization is set up with Stripe
|
||||
return;
|
||||
}
|
||||
|
||||
if (string.IsNullOrWhiteSpace(organization.GatewayCustomerId))
|
||||
@ -212,32 +225,65 @@ public class UpdateSecretsManagerSubscriptionCommand : IUpdateSecretsManagerSubs
|
||||
{
|
||||
throw new BadRequestException("No subscription found.");
|
||||
}
|
||||
}
|
||||
|
||||
if (!plan.HasAdditionalSeatsOption)
|
||||
private Plan GetPlanForOrganization(Organization organization)
|
||||
{
|
||||
var plan = StaticStore.SecretManagerPlans.FirstOrDefault(p => p.Type == organization.PlanType);
|
||||
if (plan == null)
|
||||
{
|
||||
throw new BadRequestException("Plan does not allow additional Secrets Manager seats.");
|
||||
throw new BadRequestException("Existing plan not found.");
|
||||
}
|
||||
return plan;
|
||||
}
|
||||
|
||||
private async Task ValidateSmSeatsUpdateAsync(Organization organization, SecretsManagerSubscriptionUpdate update, Plan plan)
|
||||
{
|
||||
// Check if the organization has unlimited seats
|
||||
if (organization.SmSeats == null)
|
||||
{
|
||||
throw new BadRequestException("Organization has no Secrets Manager seat limit, no need to adjust seats");
|
||||
}
|
||||
|
||||
if (plan.BaseSeats > update.SmSeats)
|
||||
if (update.Autoscaling && update.SmSeats.Value < organization.SmSeats.Value)
|
||||
{
|
||||
throw new BadRequestException("Cannot use autoscaling to subtract seats.");
|
||||
}
|
||||
|
||||
// Check plan maximum seats
|
||||
if (!plan.HasAdditionalSeatsOption ||
|
||||
(plan.MaxAdditionalSeats.HasValue && update.SmSeatsExcludingBase > plan.MaxAdditionalSeats.Value))
|
||||
{
|
||||
var planMaxSeats = plan.BaseSeats + plan.MaxAdditionalSeats.GetValueOrDefault();
|
||||
throw new BadRequestException($"You have reached the maximum number of Secrets Manager seats ({planMaxSeats}) for this plan.");
|
||||
}
|
||||
|
||||
// Check autoscale maximum seats
|
||||
if (update.MaxAutoscaleSmSeats.HasValue && update.SmSeats.Value > update.MaxAutoscaleSmSeats.Value)
|
||||
{
|
||||
var message = update.Autoscaling
|
||||
? "Secrets Manager seat limit has been reached."
|
||||
: "Cannot set max seat autoscaling below seat count.";
|
||||
throw new BadRequestException(message);
|
||||
}
|
||||
|
||||
// Check minimum seats included with plan
|
||||
if (plan.BaseSeats > update.SmSeats.Value)
|
||||
{
|
||||
throw new BadRequestException($"Plan has a minimum of {plan.BaseSeats} Secrets Manager seats.");
|
||||
}
|
||||
|
||||
if (update.SmSeats <= 0)
|
||||
// Check minimum seats required by business logic
|
||||
if (update.SmSeats.Value <= 0)
|
||||
{
|
||||
throw new BadRequestException("You must have at least 1 Secrets Manager seat.");
|
||||
}
|
||||
|
||||
if (plan.MaxAdditionalSeats.HasValue && update.SmSeatsExcludingBase > plan.MaxAdditionalSeats.Value)
|
||||
{
|
||||
throw new BadRequestException($"Organization plan allows a maximum of " +
|
||||
$"{plan.MaxAdditionalSeats.Value} additional Secrets Manager seats.");
|
||||
}
|
||||
|
||||
if (organization.SmSeats.Value > update.SmSeats)
|
||||
// Check minimum seats currently in use by the organization
|
||||
if (organization.SmSeats.Value > update.SmSeats.Value)
|
||||
{
|
||||
var currentSeats = await _organizationUserRepository.GetOccupiedSmSeatCountByOrganizationIdAsync(organization.Id);
|
||||
if (currentSeats > update.SmSeats)
|
||||
if (currentSeats > update.SmSeats.Value)
|
||||
{
|
||||
throw new BadRequestException($"Your organization currently has {currentSeats} Secrets Manager seats. " +
|
||||
$"Your plan only allows {update.SmSeats} Secrets Manager seats. Remove some Secrets Manager users.");
|
||||
@ -247,48 +293,50 @@ public class UpdateSecretsManagerSubscriptionCommand : IUpdateSecretsManagerSubs
|
||||
|
||||
private async Task ValidateSmServiceAccountsUpdateAsync(Organization organization, SecretsManagerSubscriptionUpdate update, Plan plan)
|
||||
{
|
||||
// Check if the organization has unlimited service accounts
|
||||
if (organization.SmServiceAccounts == null)
|
||||
{
|
||||
throw new BadRequestException("Organization has no Service Accounts limit, no need to adjust Service Accounts");
|
||||
}
|
||||
|
||||
if (update.MaxAutoscaleSmServiceAccounts.HasValue && update.SmServiceAccounts > update.MaxAutoscaleSmServiceAccounts.Value)
|
||||
if (update.Autoscaling && update.SmServiceAccounts.Value < organization.SmServiceAccounts.Value)
|
||||
{
|
||||
throw new BadRequestException("Cannot set max Service Accounts autoscaling below Service Accounts count.");
|
||||
throw new BadRequestException("Cannot use autoscaling to subtract service accounts.");
|
||||
}
|
||||
|
||||
if (string.IsNullOrWhiteSpace(organization.GatewayCustomerId))
|
||||
// Check plan maximum service accounts
|
||||
if (!plan.HasAdditionalServiceAccountOption ||
|
||||
(plan.MaxAdditionalServiceAccount.HasValue && update.SmServiceAccountsExcludingBase > plan.MaxAdditionalServiceAccount.Value))
|
||||
{
|
||||
throw new BadRequestException("No payment method found.");
|
||||
var planMaxServiceAccounts = plan.BaseServiceAccount.GetValueOrDefault() +
|
||||
plan.MaxAdditionalServiceAccount.GetValueOrDefault();
|
||||
throw new BadRequestException($"You have reached the maximum number of service accounts ({planMaxServiceAccounts}) for this plan.");
|
||||
}
|
||||
|
||||
if (string.IsNullOrWhiteSpace(organization.GatewaySubscriptionId))
|
||||
// Check autoscale maximum service accounts
|
||||
if (update.MaxAutoscaleSmServiceAccounts.HasValue &&
|
||||
update.SmServiceAccounts.Value > update.MaxAutoscaleSmServiceAccounts.Value)
|
||||
{
|
||||
throw new BadRequestException("No subscription found.");
|
||||
var message = update.Autoscaling
|
||||
? "Secrets Manager service account limit has been reached."
|
||||
: "Cannot set max service accounts autoscaling below service account amount.";
|
||||
throw new BadRequestException(message);
|
||||
}
|
||||
|
||||
if (!plan.HasAdditionalServiceAccountOption)
|
||||
{
|
||||
throw new BadRequestException("Plan does not allow additional Service Accounts.");
|
||||
}
|
||||
|
||||
if (plan.BaseServiceAccount > update.SmServiceAccounts)
|
||||
// Check minimum service accounts included with plan
|
||||
if (plan.BaseServiceAccount.HasValue && plan.BaseServiceAccount.Value > update.SmServiceAccounts.Value)
|
||||
{
|
||||
throw new BadRequestException($"Plan has a minimum of {plan.BaseServiceAccount} Service Accounts.");
|
||||
}
|
||||
|
||||
if (update.SmServiceAccounts <= 0)
|
||||
// Check minimum service accounts required by business logic
|
||||
if (update.SmServiceAccounts.Value <= 0)
|
||||
{
|
||||
throw new BadRequestException("You must have at least 1 Service Account.");
|
||||
}
|
||||
|
||||
if (plan.MaxAdditionalServiceAccount.HasValue && update.SmServiceAccountsExcludingBase > plan.MaxAdditionalServiceAccount.Value)
|
||||
{
|
||||
throw new BadRequestException($"Organization plan allows a maximum of " +
|
||||
$"{plan.MaxAdditionalServiceAccount.Value} additional Service Accounts.");
|
||||
}
|
||||
|
||||
if (!organization.SmServiceAccounts.HasValue || organization.SmServiceAccounts.Value > update.SmServiceAccounts)
|
||||
// Check minimum service accounts currently in use by the organization
|
||||
if (!organization.SmServiceAccounts.HasValue || organization.SmServiceAccounts.Value > update.SmServiceAccounts.Value)
|
||||
{
|
||||
var currentServiceAccounts = await _serviceAccountRepository.GetServiceAccountCountByOrganizationIdAsync(organization.Id);
|
||||
if (currentServiceAccounts > update.SmServiceAccounts)
|
||||
@ -353,4 +401,17 @@ public class UpdateSecretsManagerSubscriptionCommand : IUpdateSecretsManagerSubs
|
||||
"Reduce your max autoscale count."));
|
||||
}
|
||||
}
|
||||
|
||||
// TODO: This is a temporary duplication of OrganizationService.ReplaceAndUpdateCache to avoid a circular dependency.
|
||||
// TODO: This should no longer be necessary when user-related methods are extracted from OrganizationService: see PM-1880
|
||||
private async Task ReplaceAndUpdateCacheAsync(Organization org, EventType? orgEvent = null)
|
||||
{
|
||||
await _organizationRepository.ReplaceAsync(org);
|
||||
await _applicationCacheService.UpsertOrganizationAbilityAsync(org);
|
||||
|
||||
if (orgEvent.HasValue)
|
||||
{
|
||||
await _eventService.LogOrganizationEventAsync(org, orgEvent.Value);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user