[SM-473] Access Policies - Service Accounts (#2658)

* Add service account access policy endpoints * Add unit & integration tests for new endpoints * Fix formatting on response models * Cleanup unit tests
2025-12-16 16:23:31 +00:00 · 2023-02-07 14:30:22 -06:00
parent cf669286ed
commit 1ee14d93e6
11 changed files with 1030 additions and 305 deletions
--- a/src/Api/SecretsManager/Models/Request/AccessPoliciesCreateRequest.cs
+++ b/src/Api/SecretsManager/Models/Request/AccessPoliciesCreateRequest.cs
@@ -13,7 +13,7 @@ public class AccessPoliciesCreateRequest

    public IEnumerable<AccessPolicyRequest>? ServiceAccountAccessPolicyRequests { get; set; }

-    public List<BaseAccessPolicy> ToBaseAccessPoliciesForProject(Guid projectId)
+    public List<BaseAccessPolicy> ToBaseAccessPoliciesForProject(Guid grantedProjectId)
    {
        if (UserAccessPolicyRequests == null && GroupAccessPolicyRequests == null && ServiceAccountAccessPolicyRequests == null)
        {
@@ -21,18 +21,55 @@ public class AccessPoliciesCreateRequest
        }

        var userAccessPolicies = UserAccessPolicyRequests?
-            .Select(x => x.ToUserProjectAccessPolicy(projectId)).ToList();
+            .Select(x => x.ToUserProjectAccessPolicy(grantedProjectId)).ToList();

        var groupAccessPolicies = GroupAccessPolicyRequests?
-            .Select(x => x.ToGroupProjectAccessPolicy(projectId)).ToList();
+            .Select(x => x.ToGroupProjectAccessPolicy(grantedProjectId)).ToList();

        var serviceAccountAccessPolicies = ServiceAccountAccessPolicyRequests?
-            .Select(x => x.ToServiceAccountProjectAccessPolicy(projectId)).ToList();
+            .Select(x => x.ToServiceAccountProjectAccessPolicy(grantedProjectId)).ToList();

        var policies = new List<BaseAccessPolicy>();
-        if (userAccessPolicies != null) { policies.AddRange(userAccessPolicies); }
-        if (groupAccessPolicies != null) { policies.AddRange(groupAccessPolicies); }
-        if (serviceAccountAccessPolicies != null) { policies.AddRange(serviceAccountAccessPolicies); }
+        if (userAccessPolicies != null)
+        {
+            policies.AddRange(userAccessPolicies);
+        }
+
+        if (groupAccessPolicies != null)
+        {
+            policies.AddRange(groupAccessPolicies);
+        }
+
+        if (serviceAccountAccessPolicies != null)
+        {
+            policies.AddRange(serviceAccountAccessPolicies);
+        }
+        return policies;
+    }
+
+    public List<BaseAccessPolicy> ToBaseAccessPoliciesForServiceAccount(Guid grantedServiceAccountId)
+    {
+        if (UserAccessPolicyRequests == null && GroupAccessPolicyRequests == null)
+        {
+            throw new BadRequestException("No creation requests provided.");
+        }
+
+        var userAccessPolicies = UserAccessPolicyRequests?
+            .Select(x => x.ToUserServiceAccountAccessPolicy(grantedServiceAccountId)).ToList();
+
+        var groupAccessPolicies = GroupAccessPolicyRequests?
+            .Select(x => x.ToGroupServiceAccountAccessPolicy(grantedServiceAccountId)).ToList();
+
+        var policies = new List<BaseAccessPolicy>();
+        if (userAccessPolicies != null)
+        {
+            policies.AddRange(userAccessPolicies);
+        }
+
+        if (groupAccessPolicies != null)
+        {
+            policies.AddRange(groupAccessPolicies);
+        }
        return policies;
    }
 }
@@ -74,4 +111,22 @@ public class AccessPolicyRequest
            Read = Read,
            Write = Write
        };
+
+    public UserServiceAccountAccessPolicy ToUserServiceAccountAccessPolicy(Guid id) =>
+        new()
+        {
+            OrganizationUserId = GranteeId,
+            GrantedServiceAccountId = id,
+            Read = Read,
+            Write = Write
+        };
+
+    public GroupServiceAccountAccessPolicy ToGroupServiceAccountAccessPolicy(Guid id) =>
+        new()
+        {
+            GroupId = GranteeId,
+            GrantedServiceAccountId = id,
+            Read = Read,
+            Write = Write
+        };
 }