mirror of
https://github.com/bitwarden/server.git
synced 2025-06-30 15:42:48 -05:00
[BEEEP][SM-893] Add the ability to run SM integration tests as a service account (#3187)
* Add the ability to run SM integration tests as a service account
This commit is contained in:
Thomas Avery
@ -1,7 +1,7 @@
|
||||
using System.Net;
|
||||
using System.Net.Http.Headers;
|
||||
using Bit.Api.IntegrationTest.Factories;
|
||||
using Bit.Api.IntegrationTest.SecretsManager.Enums;
|
||||
using Bit.Api.IntegrationTest.SecretsManager.Helpers;
|
||||
using Bit.Api.Models.Response;
|
||||
using Bit.Api.SecretsManager.Models.Request;
|
||||
using Bit.Api.SecretsManager.Models.Response;
|
||||
@ -24,6 +24,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
|
||||
|
||||
private readonly HttpClient _client;
|
||||
private readonly ApiApplicationFactory _factory;
|
||||
private readonly LoginHelper _loginHelper;
|
||||
|
||||
private readonly IAccessPolicyRepository _accessPolicyRepository;
|
||||
private readonly IApiKeyRepository _apiKeyRepository;
|
||||
@ -39,6 +40,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
|
||||
_serviceAccountRepository = _factory.GetService<IServiceAccountRepository>();
|
||||
_accessPolicyRepository = _factory.GetService<IAccessPolicyRepository>();
|
||||
_apiKeyRepository = _factory.GetService<IApiKeyRepository>();
|
||||
_loginHelper = new LoginHelper(_factory, _client);
|
||||
}
|
||||
|
||||
public async Task InitializeAsync()
|
||||
@ -54,12 +56,6 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
|
||||
return Task.CompletedTask;
|
||||
}
|
||||
|
||||
private async Task LoginAsync(string email)
|
||||
{
|
||||
var tokens = await _factory.LoginAsync(email);
|
||||
_client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", tokens.Token);
|
||||
}
|
||||
|
||||
[Theory]
|
||||
[InlineData(false, false, false)]
|
||||
[InlineData(false, false, true)]
|
||||
@ -71,7 +67,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
|
||||
public async Task ListByOrganization_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
|
||||
{
|
||||
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
|
||||
await LoginAsync(_email);
|
||||
await _loginHelper.LoginAsync(_email);
|
||||
|
||||
var response = await _client.GetAsync($"/organizations/{org.Id}/service-accounts");
|
||||
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
|
||||
@ -81,7 +77,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
|
||||
public async Task ListByOrganization_Admin_Success()
|
||||
{
|
||||
var (org, _) = await _organizationHelper.Initialize(true, true, true);
|
||||
await LoginAsync(_email);
|
||||
await _loginHelper.LoginAsync(_email);
|
||||
|
||||
var serviceAccountIds = await SetupGetServiceAccountsByOrganizationAsync(org);
|
||||
|
||||
@ -90,7 +86,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
|
||||
var result = await response.Content.ReadFromJsonAsync<ListResponseModel<ServiceAccountResponseModel>>();
|
||||
|
||||
Assert.NotNull(result);
|
||||
Assert.NotEmpty(result!.Data);
|
||||
Assert.NotEmpty(result.Data);
|
||||
Assert.Equal(serviceAccountIds.Count, result.Data.Count());
|
||||
}
|
||||
|
||||
@ -99,7 +95,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
|
||||
{
|
||||
var (org, _) = await _organizationHelper.Initialize(true, true, true);
|
||||
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
|
||||
await LoginAsync(email);
|
||||
await _loginHelper.LoginAsync(email);
|
||||
|
||||
var serviceAccountIds = await SetupGetServiceAccountsByOrganizationAsync(org);
|
||||
|
||||
@ -120,7 +116,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
|
||||
var result = await response.Content.ReadFromJsonAsync<ListResponseModel<ServiceAccountResponseModel>>();
|
||||
|
||||
Assert.NotNull(result);
|
||||
Assert.NotEmpty(result!.Data);
|
||||
Assert.NotEmpty(result.Data);
|
||||
Assert.Equal(2, result.Data.Count());
|
||||
}
|
||||
|
||||
@ -135,7 +131,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
|
||||
public async Task GetByServiceAccountId_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
|
||||
{
|
||||
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
|
||||
await LoginAsync(_email);
|
||||
await _loginHelper.LoginAsync(_email);
|
||||
|
||||
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
|
||||
{
|
||||
@ -150,8 +146,8 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
|
||||
[Fact]
|
||||
public async Task GetByServiceAccountId_ServiceAccountDoesNotExist_NotFound()
|
||||
{
|
||||
var (org, _) = await _organizationHelper.Initialize(true, true, true);
|
||||
await LoginAsync(_email);
|
||||
await _organizationHelper.Initialize(true, true, true);
|
||||
await _loginHelper.LoginAsync(_email);
|
||||
|
||||
var response = await _client.GetAsync($"/service-accounts/{new Guid()}");
|
||||
Assert.Equal(HttpStatusCode.NotFound, response.StatusCode);
|
||||
@ -162,7 +158,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
|
||||
{
|
||||
var (org, _) = await _organizationHelper.Initialize(true, true, true);
|
||||
var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
|
||||
await LoginAsync(email);
|
||||
await _loginHelper.LoginAsync(email);
|
||||
|
||||
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
|
||||
{
|
||||
@ -185,7 +181,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
|
||||
response.EnsureSuccessStatusCode();
|
||||
var result = await response.Content.ReadFromJsonAsync<ServiceAccountResponseModel>();
|
||||
Assert.NotNull(result);
|
||||
Assert.Equal(serviceAccount.Id, result!.Id);
|
||||
Assert.Equal(serviceAccount.Id, result.Id);
|
||||
Assert.Equal(serviceAccount.OrganizationId, result.OrganizationId);
|
||||
Assert.Equal(serviceAccount.Name, result.Name);
|
||||
Assert.Equal(serviceAccount.CreationDate, result.CreationDate);
|
||||
@ -203,7 +199,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
|
||||
public async Task Create_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
|
||||
{
|
||||
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
|
||||
await LoginAsync(_email);
|
||||
await _loginHelper.LoginAsync(_email);
|
||||
|
||||
var request = new ServiceAccountCreateRequestModel { Name = _mockEncryptedString };
|
||||
|
||||
@ -217,7 +213,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
|
||||
public async Task Create_Success(PermissionType permissionType)
|
||||
{
|
||||
var (org, adminOrgUser) = await _organizationHelper.Initialize(true, true, true);
|
||||
await LoginAsync(_email);
|
||||
await _loginHelper.LoginAsync(_email);
|
||||
|
||||
var orgUserId = adminOrgUser.Id;
|
||||
var currentUserId = adminOrgUser.UserId!.Value;
|
||||
@ -225,7 +221,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
|
||||
if (permissionType == PermissionType.RunAsUserWithPermission)
|
||||
{
|
||||
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
|
||||
await LoginAsync(email);
|
||||
await _loginHelper.LoginAsync(email);
|
||||
orgUserId = orgUser.Id;
|
||||
currentUserId = orgUser.UserId!.Value;
|
||||
}
|
||||
@ -237,7 +233,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
|
||||
var result = await response.Content.ReadFromJsonAsync<ServiceAccountResponseModel>();
|
||||
|
||||
Assert.NotNull(result);
|
||||
Assert.Equal(request.Name, result!.Name);
|
||||
Assert.Equal(request.Name, result.Name);
|
||||
AssertHelper.AssertRecent(result.RevisionDate);
|
||||
AssertHelper.AssertRecent(result.CreationDate);
|
||||
|
||||
@ -270,7 +266,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
|
||||
public async Task Update_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
|
||||
{
|
||||
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
|
||||
await LoginAsync(_email);
|
||||
await _loginHelper.LoginAsync(_email);
|
||||
|
||||
var initialServiceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
|
||||
{
|
||||
@ -289,7 +285,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
|
||||
{
|
||||
var (org, _) = await _organizationHelper.Initialize(true, true, true);
|
||||
var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
|
||||
await LoginAsync(email);
|
||||
await _loginHelper.LoginAsync(email);
|
||||
|
||||
var initialServiceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
|
||||
{
|
||||
@ -307,7 +303,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
|
||||
public async Task Update_NonExistingServiceAccount_NotFound()
|
||||
{
|
||||
await _organizationHelper.Initialize(true, true, true);
|
||||
await LoginAsync(_email);
|
||||
await _loginHelper.LoginAsync(_email);
|
||||
|
||||
var request = new ServiceAccountUpdateRequestModel { Name = _mockNewName };
|
||||
|
||||
@ -328,7 +324,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
|
||||
response.EnsureSuccessStatusCode();
|
||||
var result = await response.Content.ReadFromJsonAsync<ServiceAccountResponseModel>();
|
||||
Assert.NotNull(result);
|
||||
Assert.Equal(request.Name, result!.Name);
|
||||
Assert.Equal(request.Name, result.Name);
|
||||
Assert.NotEqual(initialServiceAccount.Name, result.Name);
|
||||
AssertHelper.AssertRecent(result.RevisionDate);
|
||||
Assert.NotEqual(initialServiceAccount.RevisionDate, result.RevisionDate);
|
||||
@ -353,7 +349,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
|
||||
public async Task Delete_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
|
||||
{
|
||||
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
|
||||
await LoginAsync(_email);
|
||||
await _loginHelper.LoginAsync(_email);
|
||||
|
||||
var initialServiceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
|
||||
{
|
||||
@ -372,7 +368,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
|
||||
{
|
||||
var (org, _) = await _organizationHelper.Initialize(true, true, true);
|
||||
var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
|
||||
await LoginAsync(email);
|
||||
await _loginHelper.LoginAsync(email);
|
||||
|
||||
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
|
||||
{
|
||||
@ -405,12 +401,12 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
|
||||
|
||||
if (permissionType == PermissionType.RunAsAdmin)
|
||||
{
|
||||
await LoginAsync(_email);
|
||||
await _loginHelper.LoginAsync(_email);
|
||||
}
|
||||
else
|
||||
{
|
||||
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
|
||||
await LoginAsync(email);
|
||||
await _loginHelper.LoginAsync(email);
|
||||
|
||||
await _accessPolicyRepository.CreateManyAsync(new List<BaseAccessPolicy> {
|
||||
new UserServiceAccountAccessPolicy
|
||||
@ -443,7 +439,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
|
||||
public async Task GetAccessTokens_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
|
||||
{
|
||||
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
|
||||
await LoginAsync(_email);
|
||||
await _loginHelper.LoginAsync(_email);
|
||||
|
||||
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
|
||||
{
|
||||
@ -460,7 +456,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
|
||||
{
|
||||
var (org, _) = await _organizationHelper.Initialize(true, true, true);
|
||||
var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
|
||||
await LoginAsync(email);
|
||||
await _loginHelper.LoginAsync(email);
|
||||
|
||||
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
|
||||
{
|
||||
@ -485,7 +481,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
|
||||
public async Task GetAccessTokens_Success(PermissionType permissionType)
|
||||
{
|
||||
var (org, _) = await _organizationHelper.Initialize(true, true, true);
|
||||
await LoginAsync(_email);
|
||||
await _loginHelper.LoginAsync(_email);
|
||||
|
||||
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
|
||||
{
|
||||
@ -496,7 +492,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
|
||||
if (permissionType == PermissionType.RunAsUserWithPermission)
|
||||
{
|
||||
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
|
||||
await LoginAsync(email);
|
||||
await _loginHelper.LoginAsync(email);
|
||||
|
||||
await _accessPolicyRepository.CreateManyAsync(new List<BaseAccessPolicy> {
|
||||
new UserServiceAccountAccessPolicy
|
||||
@ -540,7 +536,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
|
||||
public async Task CreateAccessToken_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
|
||||
{
|
||||
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
|
||||
await LoginAsync(_email);
|
||||
await _loginHelper.LoginAsync(_email);
|
||||
|
||||
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
|
||||
{
|
||||
@ -565,7 +561,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
|
||||
public async Task CreateAccessToken_Admin()
|
||||
{
|
||||
var (org, _) = await _organizationHelper.Initialize(true, true, true);
|
||||
await LoginAsync(_email);
|
||||
await _loginHelper.LoginAsync(_email);
|
||||
|
||||
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
|
||||
{
|
||||
@ -587,7 +583,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
|
||||
var result = await response.Content.ReadFromJsonAsync<AccessTokenCreationResponseModel>();
|
||||
|
||||
Assert.NotNull(result);
|
||||
Assert.Equal(request.Name, result!.Name);
|
||||
Assert.Equal(request.Name, result.Name);
|
||||
Assert.NotNull(result.ClientSecret);
|
||||
Assert.Equal(mockExpiresAt, result.ExpireAt);
|
||||
AssertHelper.AssertRecent(result.RevisionDate);
|
||||
@ -599,7 +595,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
|
||||
{
|
||||
var (org, _) = await _organizationHelper.Initialize(true, true, true);
|
||||
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
|
||||
await LoginAsync(email);
|
||||
await _loginHelper.LoginAsync(email);
|
||||
|
||||
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
|
||||
{
|
||||
@ -623,7 +619,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
|
||||
var result = await response.Content.ReadFromJsonAsync<AccessTokenCreationResponseModel>();
|
||||
|
||||
Assert.NotNull(result);
|
||||
Assert.Equal(request.Name, result!.Name);
|
||||
Assert.Equal(request.Name, result.Name);
|
||||
Assert.NotNull(result.ClientSecret);
|
||||
Assert.Equal(mockExpiresAt, result.ExpireAt);
|
||||
AssertHelper.AssertRecent(result.RevisionDate);
|
||||
@ -635,7 +631,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
|
||||
{
|
||||
var (org, _) = await _organizationHelper.Initialize(true, true, true);
|
||||
var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
|
||||
await LoginAsync(email);
|
||||
await _loginHelper.LoginAsync(email);
|
||||
|
||||
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
|
||||
{
|
||||
@ -660,7 +656,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
|
||||
public async Task CreateAccessToken_ExpireAtNull_Admin()
|
||||
{
|
||||
var (org, _) = await _organizationHelper.Initialize(true, true, true);
|
||||
await LoginAsync(_email);
|
||||
await _loginHelper.LoginAsync(_email);
|
||||
|
||||
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
|
||||
{
|
||||
@ -681,7 +677,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
|
||||
var result = await response.Content.ReadFromJsonAsync<AccessTokenCreationResponseModel>();
|
||||
|
||||
Assert.NotNull(result);
|
||||
Assert.Equal(request.Name, result!.Name);
|
||||
Assert.Equal(request.Name, result.Name);
|
||||
Assert.NotNull(result.ClientSecret);
|
||||
Assert.Null(result.ExpireAt);
|
||||
AssertHelper.AssertRecent(result.RevisionDate);
|
||||
@ -699,7 +695,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
|
||||
public async Task RevokeAccessToken_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled)
|
||||
{
|
||||
var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled);
|
||||
await LoginAsync(_email);
|
||||
await _loginHelper.LoginAsync(_email);
|
||||
|
||||
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
|
||||
{
|
||||
@ -730,7 +726,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
|
||||
{
|
||||
var (org, _) = await _organizationHelper.Initialize(true, true, true);
|
||||
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
|
||||
await LoginAsync(email);
|
||||
await _loginHelper.LoginAsync(email);
|
||||
|
||||
var serviceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
|
||||
{
|
||||
@ -782,12 +778,12 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
|
||||
|
||||
if (permissionType == PermissionType.RunAsAdmin)
|
||||
{
|
||||
await LoginAsync(_email);
|
||||
await _loginHelper.LoginAsync(_email);
|
||||
}
|
||||
else
|
||||
{
|
||||
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
|
||||
await LoginAsync(email);
|
||||
await _loginHelper.LoginAsync(email);
|
||||
|
||||
await _accessPolicyRepository.CreateManyAsync(new List<BaseAccessPolicy> {
|
||||
new UserServiceAccountAccessPolicy
|
||||
@ -847,7 +843,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
|
||||
private async Task<ServiceAccount> SetupServiceAccountWithAccessAsync(PermissionType permissionType)
|
||||
{
|
||||
var (org, _) = await _organizationHelper.Initialize(true, true, true);
|
||||
await LoginAsync(_email);
|
||||
await _loginHelper.LoginAsync(_email);
|
||||
|
||||
var initialServiceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount
|
||||
{
|
||||
@ -861,7 +857,7 @@ public class ServiceAccountsControllerTests : IClassFixture<ApiApplicationFactor
|
||||
}
|
||||
|
||||
var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true);
|
||||
await LoginAsync(email);
|
||||
await _loginHelper.LoginAsync(email);
|
||||
|
||||
var accessPolicies = new List<BaseAccessPolicy>
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user