[SM-722] Add optional access to secrets for service account lists (#3074)

* Add access to secret count to service account list * dotnet format * refactor into query * Remove duplicate * Add new method to noop
2025-06-30 23:52:50 -05:00 · 2023-08-03 10:06:34 -05:00
parent d94a54516e
commit 73c6421bd3
11 changed files with 192 additions and 17 deletions
--- a/src/Api/SecretsManager/Controllers/ServiceAccountsController.cs
+++ b/src/Api/SecretsManager/Controllers/ServiceAccountsController.cs
@ -8,6 +8,7 @@ using Bit.Core.SecretsManager.AuthorizationRequirements;
 using Bit.Core.SecretsManager.Commands.AccessTokens.Interfaces;
 using Bit.Core.SecretsManager.Commands.ServiceAccounts.Interfaces;
 using Bit.Core.SecretsManager.Entities;
+using Bit.Core.SecretsManager.Queries.ServiceAccounts.Interfaces;
 using Bit.Core.SecretsManager.Repositories;
 using Bit.Core.Services;
 using Bit.Core.Utilities;
@ -26,6 +27,7 @@ public class ServiceAccountsController : Controller
    private readonly IAuthorizationService _authorizationService;
    private readonly IServiceAccountRepository _serviceAccountRepository;
    private readonly IApiKeyRepository _apiKeyRepository;
+    private readonly IServiceAccountSecretsDetailsQuery _serviceAccountSecretsDetailsQuery;
    private readonly ICreateAccessTokenCommand _createAccessTokenCommand;
    private readonly ICreateServiceAccountCommand _createServiceAccountCommand;
    private readonly IUpdateServiceAccountCommand _updateServiceAccountCommand;
@ -38,6 +40,7 @@ public class ServiceAccountsController : Controller
        IAuthorizationService authorizationService,
        IServiceAccountRepository serviceAccountRepository,
        IApiKeyRepository apiKeyRepository,
+        IServiceAccountSecretsDetailsQuery serviceAccountSecretsDetailsQuery,
        ICreateAccessTokenCommand createAccessTokenCommand,
        ICreateServiceAccountCommand createServiceAccountCommand,
        IUpdateServiceAccountCommand updateServiceAccountCommand,
@ -49,6 +52,7 @@ public class ServiceAccountsController : Controller
        _authorizationService = authorizationService;
        _serviceAccountRepository = serviceAccountRepository;
        _apiKeyRepository = apiKeyRepository;
+        _serviceAccountSecretsDetailsQuery = serviceAccountSecretsDetailsQuery;
        _createServiceAccountCommand = createServiceAccountCommand;
        _updateServiceAccountCommand = updateServiceAccountCommand;
        _deleteServiceAccountsCommand = deleteServiceAccountsCommand;
@ -57,8 +61,8 @@ public class ServiceAccountsController : Controller
    }

    [HttpGet("/organizations/{organizationId}/service-accounts")]
-    public async Task<ListResponseModel<ServiceAccountResponseModel>> ListByOrganizationAsync(
-        [FromRoute] Guid organizationId)
+    public async Task<ListResponseModel<ServiceAccountSecretsDetailsResponseModel>> ListByOrganizationAsync(
+        [FromRoute] Guid organizationId, [FromQuery] bool includeAccessToSecrets = false)
    {
        if (!_currentContext.AccessSecretsManager(organizationId))
        {
@ -69,11 +73,11 @@ public class ServiceAccountsController : Controller
        var orgAdmin = await _currentContext.OrganizationAdmin(organizationId);
        var accessClient = AccessClientHelper.ToAccessClient(_currentContext.ClientType, orgAdmin);

-        var serviceAccounts =
-            await _serviceAccountRepository.GetManyByOrganizationIdAsync(organizationId, userId, accessClient);
-
-        var responses = serviceAccounts.Select(serviceAccount => new ServiceAccountResponseModel(serviceAccount));
-        return new ListResponseModel<ServiceAccountResponseModel>(responses);
+        var results =
+            await _serviceAccountSecretsDetailsQuery.GetManyByOrganizationIdAsync(organizationId, userId, accessClient,
+                includeAccessToSecrets);
+        var responses = results.Select(r => new ServiceAccountSecretsDetailsResponseModel(r));
+        return new ListResponseModel<ServiceAccountSecretsDetailsResponseModel>(responses);
    }

    [HttpGet("{id}")]
--- a/src/Api/SecretsManager/Models/Response/ServiceAccountResponseModel.cs
+++ b/src/Api/SecretsManager/Models/Response/ServiceAccountResponseModel.cs
@ -1,5 +1,6 @@
 using Bit.Core.Models.Api;
 using Bit.Core.SecretsManager.Entities;
+using Bit.Core.SecretsManager.Models.Data;

 namespace Bit.Api.SecretsManager.Models.Response;

@ -35,3 +36,18 @@ public class ServiceAccountResponseModel : ResponseModel

    public DateTime RevisionDate { get; set; }
 }
+
+public class ServiceAccountSecretsDetailsResponseModel : ServiceAccountResponseModel
+{
+    public ServiceAccountSecretsDetailsResponseModel(ServiceAccountSecretsDetails serviceAccountDetails) : base(serviceAccountDetails.ServiceAccount)
+    {
+        if (serviceAccountDetails == null)
+        {
+            throw new ArgumentNullException(nameof(serviceAccountDetails));
+        }
+
+        AccessToSecrets = serviceAccountDetails.AccessToSecrets;
+    }
+
+    public int AccessToSecrets { get; set; }
+}