[SM-473] Access Policies - Service Accounts (#2658)
* Add service account access policy endpoints * Add unit & integration tests for new endpoints * Fix formatting on response models * Cleanup unit tests
@@ -13,7 +13,7 @@ public class AccessPoliciesCreateRequest
|
||||
|
||||
public IEnumerable<AccessPolicyRequest>? ServiceAccountAccessPolicyRequests { get; set; }
|
||||
|
||||
public List<BaseAccessPolicy> ToBaseAccessPoliciesForProject(Guid projectId)
|
||||
public List<BaseAccessPolicy> ToBaseAccessPoliciesForProject(Guid grantedProjectId)
|
||||
{
|
||||
if (UserAccessPolicyRequests == null && GroupAccessPolicyRequests == null && ServiceAccountAccessPolicyRequests == null)
|
||||
{
|
||||
@@ -21,18 +21,55 @@ public class AccessPoliciesCreateRequest
|
||||
}
|
||||
|
||||
var userAccessPolicies = UserAccessPolicyRequests?
|
||||
.Select(x => x.ToUserProjectAccessPolicy(projectId)).ToList();
|
||||
.Select(x => x.ToUserProjectAccessPolicy(grantedProjectId)).ToList();
|
||||
|
||||
var groupAccessPolicies = GroupAccessPolicyRequests?
|
||||
.Select(x => x.ToGroupProjectAccessPolicy(projectId)).ToList();
|
||||
.Select(x => x.ToGroupProjectAccessPolicy(grantedProjectId)).ToList();
|
||||
|
||||
var serviceAccountAccessPolicies = ServiceAccountAccessPolicyRequests?
|
||||
.Select(x => x.ToServiceAccountProjectAccessPolicy(projectId)).ToList();
|
||||
.Select(x => x.ToServiceAccountProjectAccessPolicy(grantedProjectId)).ToList();
|
||||
|
||||
var policies = new List<BaseAccessPolicy>();
|
||||
if (userAccessPolicies != null) { policies.AddRange(userAccessPolicies); }
|
||||
if (groupAccessPolicies != null) { policies.AddRange(groupAccessPolicies); }
|
||||
if (serviceAccountAccessPolicies != null) { policies.AddRange(serviceAccountAccessPolicies); }
|
||||
if (userAccessPolicies != null)
|
||||
{
|
||||
policies.AddRange(userAccessPolicies);
|
||||
}
|
||||
|
||||
if (groupAccessPolicies != null)
|
||||
{
|
||||
policies.AddRange(groupAccessPolicies);
|
||||
}
|
||||
|
||||
if (serviceAccountAccessPolicies != null)
|
||||
{
|
||||
policies.AddRange(serviceAccountAccessPolicies);
|
||||
}
|
||||
return policies;
|
||||
}
|
||||
|
||||
public List<BaseAccessPolicy> ToBaseAccessPoliciesForServiceAccount(Guid grantedServiceAccountId)
|
||||
{
|
||||
if (UserAccessPolicyRequests == null && GroupAccessPolicyRequests == null)
|
||||
{
|
||||
throw new BadRequestException("No creation requests provided.");
|
||||
}
|
||||
|
||||
var userAccessPolicies = UserAccessPolicyRequests?
|
||||
.Select(x => x.ToUserServiceAccountAccessPolicy(grantedServiceAccountId)).ToList();
|
||||
|
||||
var groupAccessPolicies = GroupAccessPolicyRequests?
|
||||
.Select(x => x.ToGroupServiceAccountAccessPolicy(grantedServiceAccountId)).ToList();
|
||||
|
||||
var policies = new List<BaseAccessPolicy>();
|
||||
if (userAccessPolicies != null)
|
||||
{
|
||||
policies.AddRange(userAccessPolicies);
|
||||
}
|
||||
|
||||
if (groupAccessPolicies != null)
|
||||
{
|
||||
policies.AddRange(groupAccessPolicies);
|
||||
}
|
||||
return policies;
|
||||
}
|
||||
}
|
||||
@@ -74,4 +111,22 @@ public class AccessPolicyRequest
|
||||
Read = Read,
|
||||
Write = Write
|
||||
};
|
||||
|
||||
public UserServiceAccountAccessPolicy ToUserServiceAccountAccessPolicy(Guid id) =>
|
||||
new()
|
||||
{
|
||||
OrganizationUserId = GranteeId,
|
||||
GrantedServiceAccountId = id,
|
||||
Read = Read,
|
||||
Write = Write
|
||||
};
|
||||
|
||||
public GroupServiceAccountAccessPolicy ToGroupServiceAccountAccessPolicy(Guid id) =>
|
||||
new()
|
||||
{
|
||||
GroupId = GranteeId,
|
||||
GrantedServiceAccountId = id,
|
||||
Read = Read,
|
||||
Write = Write
|
||||
};
|
||||
}
|
||||
|
||||
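Review bot: `ToBaseAccessPoliciesForServiceAccount` (L139) only rejects the case where both request lists are null, so a body carrying `UserAccessPolicyRequests: []` and no groups passes the guard and produces an empty policy list instead of the "No creation requests provided." error; the project variant at L26 has the same gap. If an empty create is meant to be an error, test emptiness as well as null, `if (UserAccessPolicyRequests?.Any() != true && GroupAccessPolicyRequests?.Any() != true)` (the `.Select` calls show `System.Linq` is already in scope). The service-account method also silently discards any `ServiceAccountAccessPolicyRequests` a caller supplies, which is worth either rejecting with the same BadRequestException or stating in a `<summary>` on the method. Nothing in this model ties `GranteeId` to the organization that owns `grantedServiceAccountId` or `grantedProjectId`; presumably that check lives in the command/authorization layer not shown here, but it is worth confirming, since otherwise an org-user or group id from another organization could be granted access.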
@@ -11,6 +11,7 @@ public class ProjectAccessPoliciesResponseModel : ResponseModel
|
||||
: base(_objectName)
|
||||
{
|
||||
foreach (var baseAccessPolicy in baseAccessPolicies)
|
||||
{
|
||||
switch (baseAccessPolicy)
|
||||
{
|
||||
case UserProjectAccessPolicy accessPolicy:
|
||||
@@ -24,6 +25,7 @@ public class ProjectAccessPoliciesResponseModel : ResponseModel
|
||||
new ServiceAccountProjectAccessPolicyResponseModel(accessPolicy));
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public ProjectAccessPoliciesResponseModel() : base(_objectName)
|
||||
|
||||
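Review bot: The constructor at L279–L285 begins enumerating `baseAccessPolicies` directly after `: base(_objectName) {` with no null guard, whereas the new `ServiceAccountAccessPoliciesResponseModel` in this same commit returns early on null; unless the single line this hunk adds (not distinguishable on the rendered page) is such a guard, a null argument here throws NullReferenceException. For parity with the sibling model add `if (baseAccessPolicies == null) { return; }` before the `foreach`, or, arguably better for both models, reject null explicitly with `ArgumentNullException.ThrowIfNull(baseAccessPolicies);` so a caller bug surfaces instead of yielding an empty (and therefore misleading) list of who has access. The constructor body continues outside this hunk.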
@@ -0,0 +1,39 @@
|
||||
using Bit.Core.Models.Api;
|
||||
using Bit.Core.SecretsManager.Entities;
|
||||
|
||||
namespace Bit.Api.SecretsManager.Models.Response;
|
||||
|
||||
public class ServiceAccountAccessPoliciesResponseModel : ResponseModel
|
||||
{
|
||||
private const string _objectName = "serviceAccountAccessPolicies";
|
||||
|
||||
public ServiceAccountAccessPoliciesResponseModel(IEnumerable<BaseAccessPolicy> baseAccessPolicies)
|
||||
: base(_objectName)
|
||||
{
|
||||
if (baseAccessPolicies == null)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
foreach (var baseAccessPolicy in baseAccessPolicies)
|
||||
{
|
||||
switch (baseAccessPolicy)
|
||||
{
|
||||
case UserServiceAccountAccessPolicy accessPolicy:
|
||||
UserAccessPolicies.Add(new UserServiceAccountAccessPolicyResponseModel(accessPolicy));
|
||||
break;
|
||||
case GroupServiceAccountAccessPolicy accessPolicy:
|
||||
GroupAccessPolicies.Add(new GroupServiceAccountAccessPolicyResponseModel(accessPolicy));
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public ServiceAccountAccessPoliciesResponseModel() : base(_objectName)
|
||||
{
|
||||
}
|
||||
|
||||
public List<UserServiceAccountAccessPolicyResponseModel> UserAccessPolicies { get; set; } = new();
|
||||
|
||||
public List<GroupServiceAccountAccessPolicyResponseModel> GroupAccessPolicies { get; set; } = new();
|
||||
}
|
||||
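Review bot: The `switch` at L381–L405 has no `default`, so any other `BaseAccessPolicy` subtype handed to the constructor (a `ServiceAccountProjectAccessPolicy`, which this commit also touches, for instance) is dropped from the response without a trace, and a reader cannot tell whether that is intended. Either make the skip explicit, `default: break; // project-scoped policies are not part of this response`, or, if only user and group service-account policies are ever expected, fail loudly so a mis-wired caller is caught in tests rather than producing a silently incomplete access list: `default: throw new ArgumentException($"Unexpected policy type {baseAccessPolicy.GetType().Name}", nameof(baseAccessPolicies));`. The two list properties at L427 and L432 have public setters, which is common for a serialized response model but means the lists the constructor fills can be swapped out by any caller; consider `init` or `IReadOnlyList<T>` if the serializer allows it. A `<summary>` on the class naming the endpoint response it backs would also help, since the new file carries no documentation.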