bitwarden/server
1
0
Fork 0
mirror of https://github.com/bitwarden/server synced 2025-12-11 05:43:35 +00:00
Code Issues Releases Wiki Activity

[SM-713] Add database support for secret access policies (#3681)

Browse Source 
* mssql add column and migration

* Add secret access policies to EF models and config

* Clear new access policies on service account delete

* Add SM cleanup code on delete

* Fix EF org user bulk delete

* Run EF migrations
This commit is contained in:
Thomas Avery
2024-02-22 10:06:39 -06:00
committed by GitHub
parent 374b59bcfb
commit 1499d1e2c6
20 changed files with 8315 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

122
util/PostgresMigrations/Migrations/DatabaseContextModelSnapshot.cs
View File

@@ -1746,6 +1746,27 @@ namespace Bit.PostgresMigrations.Migrations
b.HasDiscriminator().HasValue("group_project");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.GroupSecretAccessPolicy", b =>
{
b.HasBaseType("Bit.Infrastructure.EntityFramework.SecretsManager.Models.AccessPolicy");
b.Property<Guid?>("GrantedSecretId")
.ValueGeneratedOnUpdateSometimes()
.HasColumnType("uuid")
.HasColumnName("GrantedSecretId");
b.Property<Guid?>("GroupId")
.ValueGeneratedOnUpdateSometimes()
.HasColumnType("uuid")
.HasColumnName("GroupId");
b.HasIndex("GrantedSecretId");
b.HasIndex("GroupId");
b.HasDiscriminator().HasValue("group_secret");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.GroupServiceAccountAccessPolicy", b =>
{
b.HasBaseType("Bit.Infrastructure.EntityFramework.SecretsManager.Models.AccessPolicy");
@@ -1777,6 +1798,7 @@ namespace Bit.PostgresMigrations.Migrations
.HasColumnName("GrantedProjectId");
b.Property<Guid?>("ServiceAccountId")
.ValueGeneratedOnUpdateSometimes()
.HasColumnType("uuid")
.HasColumnName("ServiceAccountId");
@@ -1787,6 +1809,27 @@ namespace Bit.PostgresMigrations.Migrations
b.HasDiscriminator().HasValue("service_account_project");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.ServiceAccountSecretAccessPolicy", b =>
{
b.HasBaseType("Bit.Infrastructure.EntityFramework.SecretsManager.Models.AccessPolicy");
b.Property<Guid?>("GrantedSecretId")
.ValueGeneratedOnUpdateSometimes()
.HasColumnType("uuid")
.HasColumnName("GrantedSecretId");
b.Property<Guid?>("ServiceAccountId")
.ValueGeneratedOnUpdateSometimes()
.HasColumnType("uuid")
.HasColumnName("ServiceAccountId");
b.HasIndex("GrantedSecretId");
b.HasIndex("ServiceAccountId");
b.HasDiscriminator().HasValue("service_account_secret");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.UserProjectAccessPolicy", b =>
{
b.HasBaseType("Bit.Infrastructure.EntityFramework.SecretsManager.Models.AccessPolicy");
@@ -1808,6 +1851,27 @@ namespace Bit.PostgresMigrations.Migrations
b.HasDiscriminator().HasValue("user_project");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.UserSecretAccessPolicy", b =>
{
b.HasBaseType("Bit.Infrastructure.EntityFramework.SecretsManager.Models.AccessPolicy");
b.Property<Guid?>("GrantedSecretId")
.ValueGeneratedOnUpdateSometimes()
.HasColumnType("uuid")
.HasColumnName("GrantedSecretId");
b.Property<Guid?>("OrganizationUserId")
.ValueGeneratedOnUpdateSometimes()
.HasColumnType("uuid")
.HasColumnName("OrganizationUserId");
b.HasIndex("GrantedSecretId");
b.HasIndex("OrganizationUserId");
b.HasDiscriminator().HasValue("user_secret");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.UserServiceAccountAccessPolicy", b =>
{
b.HasBaseType("Bit.Infrastructure.EntityFramework.SecretsManager.Models.AccessPolicy");
@@ -2259,6 +2323,23 @@ namespace Bit.PostgresMigrations.Migrations
b.Navigation("Group");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.GroupSecretAccessPolicy", b =>
{
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.Secret", "GrantedSecret")
.WithMany("GroupAccessPolicies")
.HasForeignKey("GrantedSecretId")
.OnDelete(DeleteBehavior.Cascade);
b.HasOne("Bit.Infrastructure.EntityFramework.Models.Group", "Group")
.WithMany()
.HasForeignKey("GroupId")
.OnDelete(DeleteBehavior.Cascade);
b.Navigation("GrantedSecret");
b.Navigation("Group");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.GroupServiceAccountAccessPolicy", b =>
{
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.ServiceAccount", "GrantedServiceAccount")
@@ -2291,6 +2372,22 @@ namespace Bit.PostgresMigrations.Migrations
b.Navigation("ServiceAccount");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.ServiceAccountSecretAccessPolicy", b =>
{
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.Secret", "GrantedSecret")
.WithMany("ServiceAccountAccessPolicies")
.HasForeignKey("GrantedSecretId")
.OnDelete(DeleteBehavior.Cascade);
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.ServiceAccount", "ServiceAccount")
.WithMany()
.HasForeignKey("ServiceAccountId");
b.Navigation("GrantedSecret");
b.Navigation("ServiceAccount");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.UserProjectAccessPolicy", b =>
{
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.Project", "GrantedProject")
@@ -2307,6 +2404,22 @@ namespace Bit.PostgresMigrations.Migrations
b.Navigation("OrganizationUser");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.UserSecretAccessPolicy", b =>
{
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.Secret", "GrantedSecret")
.WithMany("UserAccessPolicies")
.HasForeignKey("GrantedSecretId")
.OnDelete(DeleteBehavior.Cascade);
b.HasOne("Bit.Infrastructure.EntityFramework.Models.OrganizationUser", "OrganizationUser")
.WithMany()
.HasForeignKey("OrganizationUserId");
b.Navigation("GrantedSecret");
b.Navigation("OrganizationUser");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.UserServiceAccountAccessPolicy", b =>
{
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.ServiceAccount", "GrantedServiceAccount")
@@ -2390,6 +2503,15 @@ namespace Bit.PostgresMigrations.Migrations
b.Navigation("UserAccessPolicies");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.Secret", b =>
{
b.Navigation("GroupAccessPolicies");
b.Navigation("ServiceAccountAccessPolicies");
b.Navigation("UserAccessPolicies");
});
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.ServiceAccount", b =>
{
b.Navigation("GroupAccessPolicies");