[Key Connector] Fix policy checks and other pre-reqs (#1711)

* Require SSO Policy to enable Key Connector

* Require that SSO is enabled to use Key Connector

* Fix error messages

"Key Connector" instead of "KeyConnector"

* Refactor dependent policy checks to handle expansion

* Block disabling Sso Policy if using Key Connector

* Update tests for policies required by Key Connector

* Fix tests

* Add test for Key Connector to require Sso Policy

* Add test: Sso config must be enabled to use Key Connector

test/Core.Test/Services/SsoConfigServiceTests.cs

@@ -145,7 +145,7 @@ namespace Bit.Core.Test.Services
         }
 
         [Theory, CustomAutoData(typeof(SutProviderCustomization))]
-        public async Task SaveAsync_KeyConnector_SingleOrgNotEnabled(SutProvider<SsoConfigService> sutProvider)
+        public async Task SaveAsync_KeyConnector_SingleOrgNotEnabled_Throws(SutProvider<SsoConfigService> sutProvider)
         {
             var utcNow = DateTime.UtcNow;
 
@@ -162,7 +162,67 @@ namespace Bit.Core.Test.Services
             var exception = await Assert.ThrowsAsync<BadRequestException>(
                 () => sutProvider.Sut.SaveAsync(ssoConfig));
 
-            Assert.Contains("KeyConnector requires Single Organization to be enabled.", exception.Message);
+            Assert.Contains("Key Connector requires the Single Organization policy to be enabled.", exception.Message);
+
+            await sutProvider.GetDependency<ISsoConfigRepository>().DidNotReceiveWithAnyArgs()
+                .UpsertAsync(default);
+        }
+
+        [Theory, CustomAutoData(typeof(SutProviderCustomization))]
+        public async Task SaveAsync_KeyConnector_SsoPolicyNotEnabled_Throws(SutProvider<SsoConfigService> sutProvider)
+        {
+            var utcNow = DateTime.UtcNow;
+
+            var ssoConfig = new SsoConfig
+            {
+                Id = default,
+                Data = "{\"useKeyConnector\": true}",
+                Enabled = true,
+                OrganizationId = Guid.NewGuid(),
+                CreationDate = utcNow.AddDays(-10),
+                RevisionDate = utcNow.AddDays(-10),
+            };
+
+            sutProvider.GetDependency<IPolicyRepository>().GetByOrganizationIdTypeAsync(
+                Arg.Any<Guid>(), Enums.PolicyType.SingleOrg).Returns(new Policy
+                {
+                    Enabled = true
+                });
+
+            var exception = await Assert.ThrowsAsync<BadRequestException>(
+                () => sutProvider.Sut.SaveAsync(ssoConfig));
+
+            Assert.Contains("Key Connector requires the Single Sign-On Authentication policy to be enabled.", exception.Message);
+
+            await sutProvider.GetDependency<ISsoConfigRepository>().DidNotReceiveWithAnyArgs()
+                .UpsertAsync(default);
+        }
+
+        [Theory, CustomAutoData(typeof(SutProviderCustomization))]
+        public async Task SaveAsync_KeyConnector_SsoConfigNotEnabled_Throws(SutProvider<SsoConfigService> sutProvider)
+        {
+            var utcNow = DateTime.UtcNow;
+
+            var ssoConfig = new SsoConfig
+            {
+                Id = default,
+                Data = "{\"useKeyConnector\": true}",
+                Enabled = false,
+                OrganizationId = Guid.NewGuid(),
+                CreationDate = utcNow.AddDays(-10),
+                RevisionDate = utcNow.AddDays(-10),
+            };
+
+            sutProvider.GetDependency<IPolicyRepository>().GetByOrganizationIdTypeAsync(
+                Arg.Any<Guid>(), Arg.Any<Enums.PolicyType>()).Returns(new Policy
+                {
+                    Enabled = true
+                });
+
+            var exception = await Assert.ThrowsAsync<BadRequestException>(
+                () => sutProvider.Sut.SaveAsync(ssoConfig));
+
+            Assert.Contains("You must enable SSO to use Key Connector.", exception.Message);
 
             await sutProvider.GetDependency<ISsoConfigRepository>().DidNotReceiveWithAnyArgs()
                 .UpsertAsync(default);