bitwarden/server
1
0
Fork 0
mirror of https://github.com/bitwarden/server synced 2026-01-04 17:43:53 +00:00
Code Issues Releases Wiki Activity

[AC-1512] Feature: Secrets Manager Billing - round 2 (#3119)

Browse Source 
* [AC-1423] Add AddonProduct and BitwardenProduct properties to BillingSubscriptionItem (#3037)

* [AC-1423] Add AddonProduct and BitwardenProduct properties to BillingSubscriptionItem

- Add a helper method to determine the appropriate addon type based on the subscription items StripeId

* [AC-1423] Add helper to StaticStore.cs to find a Plan by StripePlanId

* [AC-1423] Use the helper method to set SubscriptionInfo.BitwardenProduct

* Add SecretsManagerBilling feature flag to Constants

* [AC 1409] Secrets Manager Subscription Stripe Integration  (#3019)

* Adding the Secret manager to the Plan List

* Adding the unit test for the StaticStoreTests class

* Fix whitespace formatting

* Fix whitespace formatting

* Price update

* Resolving the PR comments

* Resolving PR comments

* Fixing the whitespace

* only password manager plans are return for now

* format whitespace

* Resolve the test issue

* Fixing the failing test

* Refactoring the Plan separation

* add a unit test for SingleOrDefault

* Fix the whitespace format

* Separate the PM and SM plans

* Fixing the whitespace

* Remove unnecessary directive

* Fix imports ordering

* Fix imports ordering

* Resolve imports ordering

* Fixing imports ordering

* Fix response model, add MaxProjects

* Fix filename

* Fix format

* Fix: seat price should match annual/monthly

* Fix service account annual pricing

* Changes for secret manager signup and upgradeplan

* Changes for secrets manager signup and upgrade

* refactoring the code

* Format whitespace

* remove unnecessary using directive

* Resolve the PR comment on Subscription creation

* Resolve PR comment

* Add password manager to the error message

* Add UseSecretsManager to the event log

* Resolve PR comment on plan validation

* Resolving pr comments for service account count

* Resolving pr comments for service account count

* Resolve the pr comments

* Remove the store procedure that is no-longer needed

* Rename a property properly

* Resolving the PR comment

* Resolve PR comments

* Resolving PR comments

* Resolving the Pr comments

* Resolving some PR comments

* Resolving the PR comments

* Resolving the build identity build

* Add additional Validation

* Resolve the Lint issues

* remove unnecessary using directive

* Remove the white spaces

* Adding unit test for the stripe payment

* Remove the incomplete test

* Fixing the failing test

* Fix the failing test

* Fix the fail test on organization service

* Fix the failing unit test

* Fix the whitespace format

* Fix the failing test

* Fix the whitespace format

* resolve pr comments

* Fix the lint message

* Resolve the PR comments

* resolve pr comments

* Resolve pr comments

* Resolve the pr comments

* remove unused code

* Added for sm validation test

* Fix the whitespace format issues

---------

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>

* SM-802: Add SecretsManagerBetaColumn SQL migration and Org table update

* SM-802: Run EF Migrations for SecretsManagerBeta

* SM-802: Update the two Org procs and View, and move data migration to a separate file

* SM-802: Add missing comma to Organization_Create

* [AC-1418] Add missing SecretsManagerPlan property to OrganizationResponseModel (#3055)

* SM-802: Remove extra GO statement from data migration script

* [AC 1460] Update Stripe Configuration (#3070)

* change the stripeseat id

* change service accountId to align with new product

* make all the Id name for consistent

* SM-802: Add SecretsManagerBeta to OrganizationResponseModel

* SM-802: Move SecretsManagerBeta from OrganizationResponseModel to OrganizationSubscriptionResponseModel. Use sp_refreshview instead of sp_refreshsqlmodule in the migration script.

* SM-802: Remove OrganizationUserOrganizationDetailsView.sql changes

* [AC 1410] Secrets Manager subscription adjustment back-end changes (#3036)

* Create UpgradeSecretsManagerSubscription command

---------

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>

* SM-802: Remove SecretsManagerBetaColumn migration

* SM-802: Add SecretsManagerBetaColumn migration

* SM-802: Remove OrganizationUserOrganizationDetailsView update

* [AC-1495] Extract UpgradePlanAsync into a command (#3081)

* This is a pure lift & shift with no refactors

* Only register subscription commands in Api

---------

Co-authored-by: cyprain-okeke <cokeke@bitwarden.com>

* [AC-1503] Fix Stripe integration on organization upgrade (#3084)

* Fix SM parameters not being passed to Stripe

* Fix flaky test

* Fix error message

* [AC-1504] Allow SM max autoscale limits to be disabled (#3085)

* [AC-1488] Changed SM Signup and Upgrade paths to set SmServiceAccounts to include the plan BaseServiceAccount (#3086)

* [AC-1510] Enable access to Secrets Manager to Organization owner for new Subscription (#3089)

* Revert changes to ReferenceEvent code (#3091)

* Revert changes to ReferenceEvent code

This will be done in AC-1481

* Revert ReferenceEventType change

* Move NoopServiceAccountRepository to SM and update namespace

* [AC-1462] Add secrets manager service accounts autoscaling commands (#3059)

* Adding the Secret manager to the Plan List

* Adding the unit test for the StaticStoreTests class

* Fix whitespace formatting

* Fix whitespace formatting

* Price update

* Resolving the PR comments

* Resolving PR comments

* Fixing the whitespace

* only password manager plans are return for now

* format whitespace

* Resolve the test issue

* Fixing the failing test

* Refactoring the Plan separation

* add a unit test for SingleOrDefault

* Fix the whitespace format

* Separate the PM and SM plans

* Fixing the whitespace

* Remove unnecessary directive

* Fix imports ordering

* Fix imports ordering

* Resolve imports ordering

* Fixing imports ordering

* Fix response model, add MaxProjects

* Fix filename

* Fix format

* Fix: seat price should match annual/monthly

* Fix service account annual pricing

* Changes for secret manager signup and upgradeplan

* Changes for secrets manager signup and upgrade

* refactoring the code

* Format whitespace

* remove unnecessary using directive

* Changes for subscription Update

* Update the seatAdjustment and update

* Resolve the PR comment on Subscription creation

* Resolve PR comment

* Add password manager to the error message

* Add UseSecretsManager to the event log

* Resolve PR comment on plan validation

* Resolving pr comments for service account count

* Resolving pr comments for service account count

* Resolve the pr comments

* Remove the store procedure that is no-longer needed

* Add a new class for update subscription

* Modify the Update subscription for sm

* Add the missing property

* Rename a property properly

* Resolving the PR comment

* Resolve PR comments

* Resolving PR comments

* Resolving the Pr comments

* Resolving some PR comments

* Resolving the PR comments

* Resolving the build identity build

* Add additional Validation

* Resolve the Lint issues

* remove unnecessary using directive

* Remove the white spaces

* Adding unit test for the stripe payment

* Remove the incomplete test

* Fixing the failing test

* Fix the failing test

* Fix the fail test on organization service

* Fix the failing unit test

* Fix the whitespace format

* Fix the failing test

* Fix the whitespace format

* resolve pr comments

* Fix the lint message

* refactor the code

* Fix the failing Test

* adding a new endpoint

* Remove the unwanted code

* Changes for Command and Queries

* changes for command and queries

* Fix the Lint issues

* Fix imports ordering

* Resolve the PR comments

* resolve pr comments

* Resolve pr comments

* Fix the failing test on adjustSeatscommandtests

* Fix the failing test

* Fix the whitespaces

* resolve failing test

* rename a property

* Resolve the pr comments

* refactoring the existing implementation

* Resolve the whitespaces format issue

* Resolve the pr comments

* [AC-1462] Created IAvailableServiceAccountsQuery along its implementation and with unit tests

* [AC-1462] Renamed ICountNewServiceAccountSlotsRequiredQuery

* [AC-1462] Added IAutoscaleServiceAccountsCommand and implementation

* Add more unit testing

* fix the whitespaces issues

* [AC-1462] Added unit tests for AutoscaleServiceAccountsCommand

* Add more unit test

* Remove unnecessary directive

* Resolve some pr comments

* Adding more unit test

* adding more test

* add more test

* Resolving some pr comments

* Resolving some pr comments

* Resolving some pr comments

* resolve some pr comments

* Resolving pr comments

* remove whitespaces

* remove white spaces

* Resolving pr comments

* resolving pr comments and fixing white spaces

* resolving the lint error

* Run dotnet format

* resolving the pr comments

* Add a missing properties to plan response model

* Add the email sender for sm seat and service acct

* Add the email sender for sm seat and service acct

* Fix the failing test after email sender changes

* Add staticstorewrapper to properly test the plans

* Add more test and validate the existing test

* Fix the white spaces issues

* Remove staticstorewrapper and fix the test

* fix a null issue on autoscaling

* Suggestion: do all seat calculations in update model

* Resolve some pr comments

* resolving some pr comments

* Return value is unnecessary

* Resolve the failing test

* resolve pr comments

* Resolve the pr comments

* Resolving admin api failure and adding more test

* Resolve the issue failing admin project

* Fixing the failed test

* Clarify naming and add comments

* Clarify naming conventions

* Dotnet format

* Fix the failing dependency

* remove similar test

* [AC-1462] Rewrote AutoscaleServiceAccountsCommand to use UpdateSecretsManagerSubscriptionCommand which has the same logic

* [AC-1462] Deleted IAutoscaleServiceAccountsCommand as the logic will be moved to UpdateSecretsManagerSubscriptionCommand

* [AC-1462] Created method AdjustSecretsManagerServiceAccountsAsync

* [AC-1462] Changed SecretsManagerSubscriptionUpdate to only be set by its constructor

* [AC-1462] Added check to CountNewServiceAccountSlotsRequiredQuery and revised unit tests

* [AC-1462] Revised logic for CountNewServiceAccountSlotsRequiredQuery and fixed unit tests

* [AC-1462] Changed SecretsManagerSubscriptionUpdate to receive Organization as a parameter and fixed the unit tests

* [AC-1462] Renamed IUpdateSecretsManagerSubscriptionCommand methods UpdateSubscriptionAsync and AdjustServiceAccountsAsync

* [AC-1462] Rewrote unit test UpdateSubscriptionAsync_ValidInput_Passes

* [AC-1462] Registered CountNewServiceAccountSlotsRequiredQuery for dependency injection

* [AC-1462] Added parameter names to SecretsManagerSubscriptionUpdateRequestModel

* [AC-1462] Updated SecretsManagerSubscriptionUpdate logic to handle null parameters. Revised the unit tests to test null values

---------

Co-authored-by: cyprain-okeke <cokeke@bitwarden.com>
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>

* Add UsePasswordManager to sync data (#3114)

* [AC-1522] Fix service account check on upgrading (#3111)

* Resolved the checkmarx issues

* [AC-1521] Address checkmarx security feedback (#3124)

* Reinstate target attribute but add noopener noreferrer

* Update date on migration script

* Remove unused constant

* Revert "Remove unused constant"

This reverts commit 4fcb9da4d6.

This is required to make feature flags work on the client

* [AC-1458] Add Endpoint And Service Logic for secrets manager to existing subscription (#3087)

---------

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>

* Remove duplicate migrations from incorrectly resolved merge

* [AC-1468] Modified CountNewServiceAccountSlotsRequiredQuery to return zero if organization has SecretsManagerBeta == true (#3112)

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>

* [Ac 1563] Unable to load billing and subscription related pages for non-enterprise organizations (#3138)

* Resolve the failing family plan

* resolve issues

* Resolve code related pr comments

* Resolve test related comments

* Resolving or comments

* [SM-809] Add service account slot limit check (#3093)

* Add service account slot limit check

* Add query to DI

* [AC-1462] Registered CountNewServiceAccountSlotsRequiredQuery for dependency injection

* remove duplicate DI entry

* Update unit tests

* Remove comment

* Code review updates

---------

Co-authored-by: cyprain-okeke <cokeke@bitwarden.com>
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
Co-authored-by: Rui Tome <rtome@bitwarden.com>

* [AC-1461] Secrets manager seat autoscaling (#3121)

* Add autoscaling code to invite user, save user, and bulk enable SM
  flows

* Add tests

* Delete command for BulkEnableSecretsManager

* circular dependency between OrganizationService and
  UpdateSecretsManagerSubscriptionCommand - fixed by temporarily
  duplicating ReplaceAndUpdateCache

* Unresolvable dependencies in other services - fixed by temporarily
  registering noop services and moving around some DI code

All should be resolved in PM-1880

* Refactor: improve the update object and use it to adjust values,
  remove excess interfaces on the command

* Handle autoscaling-specific errors

---------

Co-authored-by: Rui Tomé <108268980+r-tome@users.noreply.github.com>

* Move bitwarden_license include reference into conditional block

* [AC 1526]Show current SM seat and service account usage in Bitwarden Portal (#3142)

* changes base on the tickets request

* Code refactoring

* Removed the unwanted method

* Add implementation to the new method

* Resolve some pr comments

* resolve lint issue

* resolve pr comments

* add the new noop files

* Add new noop file and resolve some pr comments

* resolve pr comments

* removed unused method

---------

Co-authored-by: Shane Melton <smelton@bitwarden.com>
Co-authored-by: cyprain-okeke <108260115+cyprain-okeke@users.noreply.github.com>
Co-authored-by: Colton Hurst <colton@coltonhurst.com>
Co-authored-by: cyprain-okeke <cokeke@bitwarden.com>
Co-authored-by: Rui Tomé <108268980+r-tome@users.noreply.github.com>
Co-authored-by: Conner Turnbull <cturnbull@bitwarden.com>
Co-authored-by: Rui Tome <rtome@bitwarden.com>
Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
This commit is contained in:
Thomas Rittson
2023-08-05 07:51:12 +10:00
committed by GitHub
parent 174d890234
commit 3573aee2ef
51 changed files with 2003 additions and 652 deletions
Download Patch File Download Diff File Expand all files Collapse all files

107
src/Core/Models/Business/SecretsManagerSubscriptionUpdate.cs
View File

@@ -1,24 +1,17 @@
namespace Bit.Core.Models.Business;
using Bit.Core.Entities;
using Bit.Core.Exceptions;
using Bit.Core.Models.StaticStore;
namespace Bit.Core.Models.Business;
public class SecretsManagerSubscriptionUpdate
{
public Guid OrganizationId { get; set; }
/// <summary>
/// The seats to be added or removed from the organization
/// </summary>
public int SmSeatsAdjustment { get; set; }
public Organization Organization { get; set; }
/// <summary>
/// The total seats the organization will have after the update, including any base seats included in the plan
/// </summary>
public int SmSeats { get; set; }
/// <summary>
/// The seats the organization will have after the update, excluding the base seats included in the plan
/// Usually this is what the organization is billed for
/// </summary>
public int SmSeatsExcludingBase { get; set; }
public int? SmSeats { get; set; }
/// <summary>
/// The new autoscale limit for seats, expressed as a total (not an adjustment).
@@ -26,22 +19,11 @@ public class SecretsManagerSubscriptionUpdate
/// </summary>
public int? MaxAutoscaleSmSeats { get; set; }
/// <summary>
/// The service accounts to be added or removed from the organization
/// </summary>
public int SmServiceAccountsAdjustment { get; set; }
/// <summary>
/// The total service accounts the organization will have after the update, including the base service accounts
/// included in the plan
/// </summary>
public int SmServiceAccounts { get; set; }
/// <summary>
/// The seats the organization will have after the update, excluding the base seats included in the plan
/// Usually this is what the organization is billed for
/// </summary>
public int SmServiceAccountsExcludingBase { get; set; }
public int? SmServiceAccounts { get; set; }
/// <summary>
/// The new autoscale limit for service accounts, expressed as a total (not an adjustment).
@@ -49,8 +31,73 @@ public class SecretsManagerSubscriptionUpdate
/// </summary>
public int? MaxAutoscaleSmServiceAccounts { get; set; }
public bool SmSeatsChanged => SmSeatsAdjustment != 0;
public bool SmServiceAccountsChanged => SmServiceAccountsAdjustment != 0;
public bool MaxAutoscaleSmSeatsChanged { get; set; }
public bool MaxAutoscaleSmServiceAccountsChanged { get; set; }
/// <summary>
/// The proration date for the subscription update (optional)
/// </summary>
public DateTime? ProrationDate { get; set; }
/// <summary>
/// Whether the subscription update is a result of autoscaling
/// </summary>
public bool Autoscaling { get; init; }
/// <summary>
/// The seats the organization will have after the update, excluding the base seats included in the plan
/// Usually this is what the organization is billed for
/// </summary>
public int SmSeatsExcludingBase => SmSeats.HasValue ? SmSeats.Value - Plan.BaseSeats : 0;
/// <summary>
/// The seats the organization will have after the update, excluding the base seats included in the plan
/// Usually this is what the organization is billed for
/// </summary>
public int SmServiceAccountsExcludingBase => SmServiceAccounts.HasValue ? SmServiceAccounts.Value - Plan.BaseServiceAccount.GetValueOrDefault() : 0;
public bool SmSeatsChanged => SmSeats != Organization.SmSeats;
public bool SmServiceAccountsChanged => SmServiceAccounts != Organization.SmServiceAccounts;
public bool MaxAutoscaleSmSeatsChanged => MaxAutoscaleSmSeats != Organization.MaxAutoscaleSmSeats;
public bool MaxAutoscaleSmServiceAccountsChanged =>
MaxAutoscaleSmServiceAccounts != Organization.MaxAutoscaleSmServiceAccounts;
public Plan Plan => Utilities.StaticStore.GetSecretsManagerPlan(Organization.PlanType);
public SecretsManagerSubscriptionUpdate(
Organization organization,
int seatAdjustment, int? maxAutoscaleSeats,
int serviceAccountAdjustment, int? maxAutoscaleServiceAccounts) : this(organization, false)
{
AdjustSeats(seatAdjustment);
AdjustServiceAccounts(serviceAccountAdjustment);
MaxAutoscaleSmSeats = maxAutoscaleSeats;
MaxAutoscaleSmServiceAccounts = maxAutoscaleServiceAccounts;
}
public SecretsManagerSubscriptionUpdate(Organization organization, bool autoscaling)
{
if (organization == null)
{
throw new NotFoundException("Organization is not found.");
}
Organization = organization;
if (Plan == null)
{
throw new NotFoundException("Invalid Secrets Manager plan.");
}
SmSeats = organization.SmSeats;
MaxAutoscaleSmSeats = organization.MaxAutoscaleSmSeats;
SmServiceAccounts = organization.SmServiceAccounts;
MaxAutoscaleSmServiceAccounts = organization.MaxAutoscaleSmServiceAccounts;
Autoscaling = autoscaling;
}
public void AdjustSeats(int adjustment)
{
SmSeats = SmSeats.GetValueOrDefault() + adjustment;
}
public void AdjustServiceAccounts(int adjustment)
{
SmServiceAccounts = SmServiceAccounts.GetValueOrDefault() + adjustment;
}
}

75
src/Core/Models/Business/SubscriptionUpdate.cs
View File

@@ -30,7 +30,6 @@ public abstract class SubscriptionUpdate
planId == null ? null : subscription.Items?.Data?.FirstOrDefault(i => i.Plan.Id == planId);
}
public class SeatSubscriptionUpdate : SubscriptionUpdate
{
private readonly int _previousSeats;
@@ -262,3 +261,77 @@ public class SponsorOrganizationSubscriptionUpdate : SubscriptionUpdate
SubscriptionItem(subscription, _existingPlanStripeId);
}
public class SecretsManagerSubscribeUpdate : SubscriptionUpdate
{
private readonly StaticStore.Plan _plan;
private readonly long? _additionalSeats;
private readonly long? _additionalServiceAccounts;
private readonly int _previousSeats;
private readonly int _previousServiceAccounts;
protected override List<string> PlanIds => new() { _plan.StripeSeatPlanId, _plan.StripeServiceAccountPlanId };
public SecretsManagerSubscribeUpdate(Organization organization, StaticStore.Plan plan, long? additionalSeats, long? additionalServiceAccounts)
{
_plan = plan;
_additionalSeats = additionalSeats;
_additionalServiceAccounts = additionalServiceAccounts;
_previousSeats = organization.SmSeats.GetValueOrDefault();
_previousServiceAccounts = organization.SmServiceAccounts.GetValueOrDefault();
}
public override List<SubscriptionItemOptions> RevertItemsOptions(Subscription subscription)
{
var updatedItems = new List<SubscriptionItemOptions>();
RemovePreviousSecretsManagerItems(updatedItems);
return updatedItems;
}
public override List<SubscriptionItemOptions> UpgradeItemsOptions(Subscription subscription)
{
var updatedItems = new List<SubscriptionItemOptions>();
AddNewSecretsManagerItems(updatedItems);
return updatedItems;
}
private void AddNewSecretsManagerItems(List<SubscriptionItemOptions> updatedItems)
{
if (_additionalSeats > 0)
{
updatedItems.Add(new SubscriptionItemOptions
{
Price = _plan.StripeSeatPlanId,
Quantity = _additionalSeats
});
}
if (_additionalServiceAccounts > 0)
{
updatedItems.Add(new SubscriptionItemOptions
{
Price = _plan.StripeServiceAccountPlanId,
Quantity = _additionalServiceAccounts
});
}
}
private void RemovePreviousSecretsManagerItems(List<SubscriptionItemOptions> updatedItems)
{
updatedItems.Add(new SubscriptionItemOptions
{
Price = _plan.StripeSeatPlanId,
Quantity = _previousSeats,
Deleted = _previousSeats == 0 ? true : (bool?)null,
});
updatedItems.Add(new SubscriptionItemOptions
{
Price = _plan.StripeServiceAccountPlanId,
Quantity = _previousServiceAccounts,
Deleted = _previousServiceAccounts == 0 ? true : (bool?)null,
});
}
}

21
src/Core/OrganizationFeatures/OrganizationServiceCollectionExtensions.cs
View File

@@ -17,8 +17,10 @@ using Bit.Core.OrganizationFeatures.OrganizationSponsorships.FamiliesForEnterpri
using Bit.Core.OrganizationFeatures.OrganizationSponsorships.FamiliesForEnterprise.Cloud;
using Bit.Core.OrganizationFeatures.OrganizationSponsorships.FamiliesForEnterprise.Interfaces;
using Bit.Core.OrganizationFeatures.OrganizationSponsorships.FamiliesForEnterprise.SelfHosted;
using Bit.Core.SecretsManager.Commands.EnableAccessSecretsManager;
using Bit.Core.SecretsManager.Commands.EnableAccessSecretsManager.Interfaces;
using Bit.Core.OrganizationFeatures.OrganizationSubscriptions;
using Bit.Core.OrganizationFeatures.OrganizationSubscriptions.Interface;
using Bit.Core.OrganizationFeatures.OrganizationUsers;
using Bit.Core.OrganizationFeatures.OrganizationUsers.Interfaces;
using Bit.Core.Services;
using Bit.Core.Settings;
using Bit.Core.Tokens;
@@ -33,7 +35,6 @@ public static class OrganizationServiceCollectionExtensions
public static void AddOrganizationServices(this IServiceCollection services, IGlobalSettings globalSettings)
{
services.AddScoped<IOrganizationService, OrganizationService>();
services.AddScoped<IEnableAccessSecretsManagerCommand, EnableAccessSecretsManagerCommand>();
services.AddTokenizers();
services.AddOrganizationGroupCommands();
services.AddOrganizationConnectionCommands();
@@ -44,6 +45,8 @@ public static class OrganizationServiceCollectionExtensions
services.AddOrganizationLicenseCommandsQueries();
services.AddOrganizationDomainCommandsQueries();
services.AddOrganizationAuthCommands();
services.AddOrganizationUserCommandsQueries();
services.AddBaseOrganizationSubscriptionCommandsQueries();
}
private static void AddOrganizationConnectionCommands(this IServiceCollection services)
@@ -118,6 +121,18 @@ public static class OrganizationServiceCollectionExtensions
services.AddScoped<IUpdateOrganizationAuthRequestCommand, UpdateOrganizationAuthRequestCommand>();
}
private static void AddOrganizationUserCommandsQueries(this IServiceCollection services)
{
services.AddScoped<ICountNewSmSeatsRequiredQuery, CountNewSmSeatsRequiredQuery>();
}
// TODO: move to OrganizationSubscriptionServiceCollectionExtensions when OrganizationUser methods are moved out of
// TODO: OrganizationService - see PM-1880
private static void AddBaseOrganizationSubscriptionCommandsQueries(this IServiceCollection services)
{
services.AddScoped<IUpdateSecretsManagerSubscriptionCommand, UpdateSecretsManagerSubscriptionCommand>();
}
private static void AddTokenizers(this IServiceCollection services)
{
services.AddSingleton<IDataProtectorTokenFactory<OrganizationSponsorshipOfferTokenable>>(serviceProvider =>

76
src/Core/OrganizationFeatures/OrganizationSubscriptions/AddSecretsManagerSubscriptionCommand.cs Normal file
View File

@@ -0,0 +1,76 @@
using Bit.Core.Entities;
using Bit.Core.Enums;
using Bit.Core.Exceptions;
using Bit.Core.Models.Business;
using Bit.Core.OrganizationFeatures.OrganizationSubscriptions.Interface;
using Bit.Core.Services;
using Bit.Core.Utilities;
namespace Bit.Core.OrganizationFeatures.OrganizationSubscriptions;
public class AddSecretsManagerSubscriptionCommand : IAddSecretsManagerSubscriptionCommand
{
private readonly IPaymentService _paymentService;
private readonly IOrganizationService _organizationService;
public AddSecretsManagerSubscriptionCommand(
IPaymentService paymentService,
IOrganizationService organizationService)
{
_paymentService = paymentService;
_organizationService = organizationService;
}
public async Task SignUpAsync(Organization organization, int additionalSmSeats,
int additionalServiceAccounts)
{
ValidateOrganization(organization);
var plan = StaticStore.GetSecretsManagerPlan(organization.PlanType);
var signup = SetOrganizationUpgrade(organization, additionalSmSeats, additionalServiceAccounts);
_organizationService.ValidateSecretsManagerPlan(plan, signup);
if (plan.Product != ProductType.Free)
{
await _paymentService.AddSecretsManagerToSubscription(organization, plan, additionalSmSeats, additionalServiceAccounts);
}
organization.SmSeats = plan.BaseSeats + additionalSmSeats;
organization.SmServiceAccounts = plan.BaseServiceAccount.GetValueOrDefault() + additionalServiceAccounts;
organization.UseSecretsManager = true;
await _organizationService.ReplaceAndUpdateCacheAsync(organization);
// TODO: call ReferenceEventService - see AC-1481
}
private static OrganizationUpgrade SetOrganizationUpgrade(Organization organization, int additionalSeats,
int additionalServiceAccounts)
{
var signup = new OrganizationUpgrade
{
UseSecretsManager = true,
AdditionalSmSeats = additionalSeats,
AdditionalServiceAccounts = additionalServiceAccounts,
AdditionalSeats = organization.Seats.GetValueOrDefault()
};
return signup;
}
private static void ValidateOrganization(Organization organization)
{
if (organization == null)
{
throw new NotFoundException();
}
var plan = StaticStore.GetSecretsManagerPlan(organization.PlanType);
if (string.IsNullOrWhiteSpace(organization.GatewayCustomerId) && plan.Product != ProductType.Free)
{
throw new BadRequestException("No payment method found.");
}
if (string.IsNullOrWhiteSpace(organization.GatewaySubscriptionId) && plan.Product != ProductType.Free)
{
throw new BadRequestException("No subscription found.");
}
}
}

11
src/Core/OrganizationFeatures/OrganizationSubscriptions/Interface/IAddSecretsManagerSubscriptionCommand.cs Normal file
View File

@@ -0,0 +1,11 @@
using Bit.Core.Entities;
namespace Bit.Core.OrganizationFeatures.OrganizationSubscriptions.Interface;
/// <summary>
/// This is only for adding SM to an existing organization
/// </summary>
public interface IAddSecretsManagerSubscriptionCommand
{
Task SignUpAsync(Organization organization, int additionalSmSeats, int additionalServiceAccounts);
}

7
src/Core/OrganizationFeatures/OrganizationSubscriptions/Interface/IUpdateSecretsManagerSubscriptionCommand.cs
View File

@@ -1,8 +1,11 @@
using Bit.Core.Models.Business;
using Bit.Core.Entities;
using Bit.Core.Models.Business;
namespace Bit.Core.OrganizationFeatures.OrganizationSubscriptions.Interface;
public interface IUpdateSecretsManagerSubscriptionCommand
{
Task UpdateSecretsManagerSubscription(SecretsManagerSubscriptionUpdate update);
Task UpdateSubscriptionAsync(SecretsManagerSubscriptionUpdate update);
Task AdjustServiceAccountsAsync(Organization organization, int smServiceAccountsAdjustment);
Task ValidateUpdate(SecretsManagerSubscriptionUpdate update);
}

2
src/Core/OrganizationFeatures/OrganizationSubscriptions/OrganizationSubscriptionServiceCollectionExtensions.cs
View File

@@ -7,7 +7,7 @@ public static class OrganizationSubscriptionServiceCollectionExtensions
{
public static void AddOrganizationSubscriptionServices(this IServiceCollection services)
{
services.AddScoped<IUpdateSecretsManagerSubscriptionCommand, UpdateSecretsManagerSubscriptionCommand>();
services.AddScoped<IUpgradeOrganizationPlanCommand, UpgradeOrganizationPlanCommand>();
services.AddScoped<IAddSecretsManagerSubscriptionCommand, AddSecretsManagerSubscriptionCommand>();
}
}

253
src/Core/OrganizationFeatures/OrganizationSubscriptions/UpdateSecretsManagerSubscriptionCommand.cs
View File

@@ -1,5 +1,4 @@
#nullable enable
using Bit.Core.Entities;
using Bit.Core.Entities;
using Bit.Core.Enums;
using Bit.Core.Exceptions;
using Bit.Core.Models.Business;
@@ -8,6 +7,7 @@ using Bit.Core.OrganizationFeatures.OrganizationSubscriptions.Interface;
using Bit.Core.Repositories;
using Bit.Core.SecretsManager.Repositories;
using Bit.Core.Services;
using Bit.Core.Settings;
using Bit.Core.Utilities;
using Microsoft.Extensions.Logging;
@@ -15,86 +15,57 @@ namespace Bit.Core.OrganizationFeatures.OrganizationSubscriptions;
public class UpdateSecretsManagerSubscriptionCommand : IUpdateSecretsManagerSubscriptionCommand
{
private readonly IOrganizationRepository _organizationRepository;
private readonly IOrganizationUserRepository _organizationUserRepository;
private readonly IPaymentService _paymentService;
private readonly IOrganizationService _organizationService;
private readonly IMailService _mailService;
private readonly ILogger<UpdateSecretsManagerSubscriptionCommand> _logger;
private readonly IServiceAccountRepository _serviceAccountRepository;
private readonly IGlobalSettings _globalSettings;
private readonly IOrganizationRepository _organizationRepository;
private readonly IApplicationCacheService _applicationCacheService;
private readonly IEventService _eventService;
public UpdateSecretsManagerSubscriptionCommand(
IOrganizationRepository organizationRepository,
IOrganizationService organizationService,
IOrganizationUserRepository organizationUserRepository,
IPaymentService paymentService,
IMailService mailService,
ILogger<UpdateSecretsManagerSubscriptionCommand> logger,
IServiceAccountRepository serviceAccountRepository)
IServiceAccountRepository serviceAccountRepository,
IGlobalSettings globalSettings,
IOrganizationRepository organizationRepository,
IApplicationCacheService applicationCacheService,
IEventService eventService)
{
_organizationRepository = organizationRepository;
_organizationUserRepository = organizationUserRepository;
_paymentService = paymentService;
_organizationService = organizationService;
_mailService = mailService;
_logger = logger;
_serviceAccountRepository = serviceAccountRepository;
_globalSettings = globalSettings;
_organizationRepository = organizationRepository;
_applicationCacheService = applicationCacheService;
_eventService = eventService;
}
public async Task UpdateSecretsManagerSubscription(SecretsManagerSubscriptionUpdate update)
public async Task UpdateSubscriptionAsync(SecretsManagerSubscriptionUpdate update)
{
var organization = await _organizationRepository.GetByIdAsync(update.OrganizationId);
await ValidateUpdate(update);
ValidateOrganization(organization);
await FinalizeSubscriptionAdjustmentAsync(update.Organization, update.Plan, update);
var plan = GetPlanForOrganization(organization);
if (update.SmSeatsChanged)
{
await ValidateSmSeatsUpdateAsync(organization, update, plan);
}
if (update.SmServiceAccountsChanged)
{
await ValidateSmServiceAccountsUpdateAsync(organization, update, plan);
}
if (update.MaxAutoscaleSmSeatsChanged)
{
ValidateMaxAutoscaleSmSeatsUpdateAsync(organization, update.MaxAutoscaleSmSeats, plan);
}
if (update.MaxAutoscaleSmServiceAccountsChanged)
{
ValidateMaxAutoscaleSmServiceAccountUpdate(organization, update.MaxAutoscaleSmServiceAccounts, plan);
}
await FinalizeSubscriptionAdjustmentAsync(organization, plan, update);
await SendEmailIfAutoscaleLimitReached(organization);
await SendEmailIfAutoscaleLimitReached(update.Organization);
}
private Plan GetPlanForOrganization(Organization organization)
public async Task AdjustServiceAccountsAsync(Organization organization, int smServiceAccountsAdjustment)
{
var plan = StaticStore.SecretManagerPlans.FirstOrDefault(p => p.Type == organization.PlanType);
if (plan == null)
var update = new SecretsManagerSubscriptionUpdate(
organization, seatAdjustment: 0, maxAutoscaleSeats: organization?.MaxAutoscaleSmSeats,
serviceAccountAdjustment: smServiceAccountsAdjustment, maxAutoscaleServiceAccounts: organization?.MaxAutoscaleSmServiceAccounts)
{
throw new BadRequestException("Existing plan not found.");
}
return plan;
}
Autoscaling = true
};
private static void ValidateOrganization(Organization organization)
{
if (organization == null)
{
throw new NotFoundException("Organization is not found");
}
if (!organization.UseSecretsManager)
{
throw new BadRequestException("Organization has no access to Secrets Manager.");
}
await UpdateSubscriptionAsync(update);
}
private async Task FinalizeSubscriptionAdjustmentAsync(Organization organization,
@@ -122,13 +93,13 @@ public class UpdateSecretsManagerSubscriptionCommand : IUpdateSecretsManagerSubs
organization.MaxAutoscaleSmServiceAccounts = update.MaxAutoscaleSmServiceAccounts;
}
await _organizationService.ReplaceAndUpdateCacheAsync(organization);
await ReplaceAndUpdateCacheAsync(organization);
}
private async Task ProcessChargesAndRaiseEventsForAdjustSeatsAsync(Organization organization, Plan plan,
SecretsManagerSubscriptionUpdate update)
{
await _paymentService.AdjustSeatsAsync(organization, plan, update.SmSeatsExcludingBase);
await _paymentService.AdjustSeatsAsync(organization, plan, update.SmSeatsExcludingBase, update.ProrationDate);
// TODO: call ReferenceEventService - see AC-1481
}
@@ -137,7 +108,7 @@ public class UpdateSecretsManagerSubscriptionCommand : IUpdateSecretsManagerSubs
SecretsManagerSubscriptionUpdate update)
{
await _paymentService.AdjustServiceAccountsAsync(organization, plan,
update.SmServiceAccountsExcludingBase);
update.SmServiceAccountsExcludingBase, update.ProrationDate);
// TODO: call ReferenceEventService - see AC-1481
}
@@ -170,7 +141,6 @@ public class UpdateSecretsManagerSubscriptionCommand : IUpdateSecretsManagerSubs
{
_logger.LogError(e, $"Error encountered notifying organization owners of Seats limit reached.");
}
}
private async Task SendServiceAccountLimitEmailAsync(Organization organization, int MaxAutoscaleValue)
@@ -191,16 +161,59 @@ public class UpdateSecretsManagerSubscriptionCommand : IUpdateSecretsManagerSubs
}
private async Task ValidateSmSeatsUpdateAsync(Organization organization, SecretsManagerSubscriptionUpdate update, Plan plan)
public async Task ValidateUpdate(SecretsManagerSubscriptionUpdate update)
{
if (organization.SmSeats == null)
if (_globalSettings.SelfHosted)
{
throw new BadRequestException("Organization has no Secrets Manager seat limit, no need to adjust seats");
var message = update.Autoscaling
? "Cannot autoscale on a self-hosted instance."
: "Cannot update subscription on a self-hosted instance.";
throw new BadRequestException(message);
}
if (update.MaxAutoscaleSmSeats.HasValue && update.SmSeats > update.MaxAutoscaleSmSeats.Value)
var organization = update.Organization;
ValidateOrganization(organization);
var plan = GetPlanForOrganization(organization);
if (update.SmSeatsChanged)
{
throw new BadRequestException("Cannot set max seat autoscaling below seat count.");
await ValidateSmSeatsUpdateAsync(organization, update, plan);
}
if (update.SmServiceAccountsChanged)
{
await ValidateSmServiceAccountsUpdateAsync(organization, update, plan);
}
if (update.MaxAutoscaleSmSeatsChanged)
{
ValidateMaxAutoscaleSmSeatsUpdateAsync(organization, update.MaxAutoscaleSmSeats, plan);
}
if (update.MaxAutoscaleSmServiceAccountsChanged)
{
ValidateMaxAutoscaleSmServiceAccountUpdate(organization, update.MaxAutoscaleSmServiceAccounts, plan);
}
}
private void ValidateOrganization(Organization organization)
{
if (organization == null)
{
throw new NotFoundException("Organization is not found.");
}
if (!organization.UseSecretsManager)
{
throw new BadRequestException("Organization has no access to Secrets Manager.");
}
var plan = GetPlanForOrganization(organization);
if (plan.Product == ProductType.Free)
{
// No need to check the organization is set up with Stripe
return;
}
if (string.IsNullOrWhiteSpace(organization.GatewayCustomerId))
@@ -212,32 +225,65 @@ public class UpdateSecretsManagerSubscriptionCommand : IUpdateSecretsManagerSubs
{
throw new BadRequestException("No subscription found.");
}
}
if (!plan.HasAdditionalSeatsOption)
private Plan GetPlanForOrganization(Organization organization)
{
var plan = StaticStore.SecretManagerPlans.FirstOrDefault(p => p.Type == organization.PlanType);
if (plan == null)
{
throw new BadRequestException("Plan does not allow additional Secrets Manager seats.");
throw new BadRequestException("Existing plan not found.");
}
return plan;
}
private async Task ValidateSmSeatsUpdateAsync(Organization organization, SecretsManagerSubscriptionUpdate update, Plan plan)
{
// Check if the organization has unlimited seats
if (organization.SmSeats == null)
{
throw new BadRequestException("Organization has no Secrets Manager seat limit, no need to adjust seats");
}
if (plan.BaseSeats > update.SmSeats)
if (update.Autoscaling && update.SmSeats.Value < organization.SmSeats.Value)
{
throw new BadRequestException("Cannot use autoscaling to subtract seats.");
}
// Check plan maximum seats
if (!plan.HasAdditionalSeatsOption ||
(plan.MaxAdditionalSeats.HasValue && update.SmSeatsExcludingBase > plan.MaxAdditionalSeats.Value))
{
var planMaxSeats = plan.BaseSeats + plan.MaxAdditionalSeats.GetValueOrDefault();
throw new BadRequestException($"You have reached the maximum number of Secrets Manager seats ({planMaxSeats}) for this plan.");
}
// Check autoscale maximum seats
if (update.MaxAutoscaleSmSeats.HasValue && update.SmSeats.Value > update.MaxAutoscaleSmSeats.Value)
{
var message = update.Autoscaling
? "Secrets Manager seat limit has been reached."
: "Cannot set max seat autoscaling below seat count.";
throw new BadRequestException(message);
}
// Check minimum seats included with plan
if (plan.BaseSeats > update.SmSeats.Value)
{
throw new BadRequestException($"Plan has a minimum of {plan.BaseSeats} Secrets Manager seats.");
}
if (update.SmSeats <= 0)
// Check minimum seats required by business logic
if (update.SmSeats.Value <= 0)
{
throw new BadRequestException("You must have at least 1 Secrets Manager seat.");
}
if (plan.MaxAdditionalSeats.HasValue && update.SmSeatsExcludingBase > plan.MaxAdditionalSeats.Value)
{
throw new BadRequestException($"Organization plan allows a maximum of " +
$"{plan.MaxAdditionalSeats.Value} additional Secrets Manager seats.");
}
if (organization.SmSeats.Value > update.SmSeats)
// Check minimum seats currently in use by the organization
if (organization.SmSeats.Value > update.SmSeats.Value)
{
var currentSeats = await _organizationUserRepository.GetOccupiedSmSeatCountByOrganizationIdAsync(organization.Id);
if (currentSeats > update.SmSeats)
if (currentSeats > update.SmSeats.Value)
{
throw new BadRequestException($"Your organization currently has {currentSeats} Secrets Manager seats. " +
$"Your plan only allows {update.SmSeats} Secrets Manager seats. Remove some Secrets Manager users.");
@@ -247,48 +293,50 @@ public class UpdateSecretsManagerSubscriptionCommand : IUpdateSecretsManagerSubs
private async Task ValidateSmServiceAccountsUpdateAsync(Organization organization, SecretsManagerSubscriptionUpdate update, Plan plan)
{
// Check if the organization has unlimited service accounts
if (organization.SmServiceAccounts == null)
{
throw new BadRequestException("Organization has no Service Accounts limit, no need to adjust Service Accounts");
}
if (update.MaxAutoscaleSmServiceAccounts.HasValue && update.SmServiceAccounts > update.MaxAutoscaleSmServiceAccounts.Value)
if (update.Autoscaling && update.SmServiceAccounts.Value < organization.SmServiceAccounts.Value)
{
throw new BadRequestException("Cannot set max Service Accounts autoscaling below Service Accounts count.");
throw new BadRequestException("Cannot use autoscaling to subtract service accounts.");
}
if (string.IsNullOrWhiteSpace(organization.GatewayCustomerId))
// Check plan maximum service accounts
if (!plan.HasAdditionalServiceAccountOption ||
(plan.MaxAdditionalServiceAccount.HasValue && update.SmServiceAccountsExcludingBase > plan.MaxAdditionalServiceAccount.Value))
{
throw new BadRequestException("No payment method found.");
var planMaxServiceAccounts = plan.BaseServiceAccount.GetValueOrDefault() +
plan.MaxAdditionalServiceAccount.GetValueOrDefault();
throw new BadRequestException($"You have reached the maximum number of service accounts ({planMaxServiceAccounts}) for this plan.");
}
if (string.IsNullOrWhiteSpace(organization.GatewaySubscriptionId))
// Check autoscale maximum service accounts
if (update.MaxAutoscaleSmServiceAccounts.HasValue &&
update.SmServiceAccounts.Value > update.MaxAutoscaleSmServiceAccounts.Value)
{
throw new BadRequestException("No subscription found.");
var message = update.Autoscaling
? "Secrets Manager service account limit has been reached."
: "Cannot set max service accounts autoscaling below service account amount.";
throw new BadRequestException(message);
}
if (!plan.HasAdditionalServiceAccountOption)
{
throw new BadRequestException("Plan does not allow additional Service Accounts.");
}
if (plan.BaseServiceAccount > update.SmServiceAccounts)
// Check minimum service accounts included with plan
if (plan.BaseServiceAccount.HasValue && plan.BaseServiceAccount.Value > update.SmServiceAccounts.Value)
{
throw new BadRequestException($"Plan has a minimum of {plan.BaseServiceAccount} Service Accounts.");
}
if (update.SmServiceAccounts <= 0)
// Check minimum service accounts required by business logic
if (update.SmServiceAccounts.Value <= 0)
{
throw new BadRequestException("You must have at least 1 Service Account.");
}
if (plan.MaxAdditionalServiceAccount.HasValue && update.SmServiceAccountsExcludingBase > plan.MaxAdditionalServiceAccount.Value)
{
throw new BadRequestException($"Organization plan allows a maximum of " +
$"{plan.MaxAdditionalServiceAccount.Value} additional Service Accounts.");
}
if (!organization.SmServiceAccounts.HasValue || organization.SmServiceAccounts.Value > update.SmServiceAccounts)
// Check minimum service accounts currently in use by the organization
if (!organization.SmServiceAccounts.HasValue || organization.SmServiceAccounts.Value > update.SmServiceAccounts.Value)
{
var currentServiceAccounts = await _serviceAccountRepository.GetServiceAccountCountByOrganizationIdAsync(organization.Id);
if (currentServiceAccounts > update.SmServiceAccounts)
@@ -353,4 +401,17 @@ public class UpdateSecretsManagerSubscriptionCommand : IUpdateSecretsManagerSubs
"Reduce your max autoscale count."));
}
}
// TODO: This is a temporary duplication of OrganizationService.ReplaceAndUpdateCache to avoid a circular dependency.
// TODO: This should no longer be necessary when user-related methods are extracted from OrganizationService: see PM-1880
private async Task ReplaceAndUpdateCacheAsync(Organization org, EventType? orgEvent = null)
{
await _organizationRepository.ReplaceAsync(org);
await _applicationCacheService.UpsertOrganizationAbilityAsync(org);
if (orgEvent.HasValue)
{
await _eventService.LogOrganizationEventAsync(org, orgEvent.Value);
}
}
}

9
src/Core/OrganizationFeatures/OrganizationSubscriptions/UpgradeOrganizationPlanCommand.cs
View File

@@ -267,10 +267,15 @@ public class UpgradeOrganizationPlanCommand : IUpgradeOrganizationPlanCommand
organization.PublicKey = upgrade.PublicKey;
organization.PrivateKey = upgrade.PrivateKey;
organization.UsePasswordManager = true;
organization.SmSeats = (short)(newSecretsManagerPlan.BaseSeats + upgrade.AdditionalSmSeats.GetValueOrDefault());
organization.SmServiceAccounts = newSecretsManagerPlan.BaseServiceAccount + upgrade.AdditionalServiceAccounts.GetValueOrDefault();
organization.UseSecretsManager = upgrade.UseSecretsManager;
if (upgrade.UseSecretsManager)
{
organization.SmSeats = newSecretsManagerPlan.BaseSeats + upgrade.AdditionalSmSeats.GetValueOrDefault();
organization.SmServiceAccounts = newSecretsManagerPlan.BaseServiceAccount.GetValueOrDefault() +
upgrade.AdditionalServiceAccounts.GetValueOrDefault();
}
await _organizationService.ReplaceAndUpdateCacheAsync(organization);
if (success)

54
src/Core/OrganizationFeatures/OrganizationUsers/CountNewSmSeatsRequiredQuery.cs Normal file
View File

@@ -0,0 +1,54 @@
using Bit.Core.Exceptions;
using Bit.Core.OrganizationFeatures.OrganizationUsers.Interfaces;
using Bit.Core.Repositories;
namespace Bit.Core.OrganizationFeatures.OrganizationUsers;
public class CountNewSmSeatsRequiredQuery : ICountNewSmSeatsRequiredQuery
{
private readonly IOrganizationUserRepository _organizationUserRepository;
private readonly IOrganizationRepository _organizationRepository;
public CountNewSmSeatsRequiredQuery(IOrganizationUserRepository organizationUserRepository,
IOrganizationRepository organizationRepository)
{
_organizationUserRepository = organizationUserRepository;
_organizationRepository = organizationRepository;
}
public async Task<int> CountNewSmSeatsRequiredAsync(Guid organizationId, int usersToAdd)
{
if (usersToAdd == 0)
{
return 0;
}
var organization = await _organizationRepository.GetByIdAsync(organizationId);
if (organization == null)
{
throw new NotFoundException();
}
if (!organization.UseSecretsManager)
{
throw new BadRequestException("Organization does not use Secrets Manager");
}
if (!organization.SmSeats.HasValue || organization.SecretsManagerBeta)
{
return 0;
}
var occupiedSmSeats =
await _organizationUserRepository.GetOccupiedSmSeatCountByOrganizationIdAsync(organization.Id);
var availableSmSeats = organization.SmSeats.Value - occupiedSmSeats;
if (availableSmSeats >= usersToAdd)
{
return 0;
}
return usersToAdd - availableSmSeats;
}
}

6
src/Core/OrganizationFeatures/OrganizationUsers/Interfaces/ICountNewSmSeatsRequiredQuery.cs Normal file
View File

@@ -0,0 +1,6 @@
namespace Bit.Core.OrganizationFeatures.OrganizationUsers.Interfaces;
public interface ICountNewSmSeatsRequiredQuery
{
public Task<int> CountNewSmSeatsRequiredAsync(Guid organizationId, int usersToAdd);
}

43
src/Core/SecretsManager/Commands/EnableAccessSecretsManager/EnableAccessSecretsManagerCommand.cs
View File

@@ -1,43 +0,0 @@
using Bit.Core.Entities;
using Bit.Core.Repositories;
using Bit.Core.SecretsManager.Commands.EnableAccessSecretsManager.Interfaces;
namespace Bit.Core.SecretsManager.Commands.EnableAccessSecretsManager;
public class EnableAccessSecretsManagerCommand : IEnableAccessSecretsManagerCommand
{
private readonly IOrganizationUserRepository _organizationUserRepository;
public EnableAccessSecretsManagerCommand(IOrganizationUserRepository organizationUserRepository)
{
_organizationUserRepository = organizationUserRepository;
}
public async Task<List<(OrganizationUser organizationUser, string error)>> EnableUsersAsync(
IEnumerable<OrganizationUser> organizationUsers)
{
var results = new List<(OrganizationUser organizationUser, string error)>();
var usersToEnable = new List<OrganizationUser>();
foreach (var orgUser in organizationUsers)
{
if (orgUser.AccessSecretsManager)
{
results.Add((orgUser, "User already has access to Secrets Manager"));
}
else
{
orgUser.AccessSecretsManager = true;
usersToEnable.Add(orgUser);
results.Add((orgUser, ""));
}
}
if (usersToEnable.Any())
{
await _organizationUserRepository.ReplaceManyAsync(usersToEnable);
}
return results;
}
}

9
src/Core/SecretsManager/Commands/EnableAccessSecretsManager/Interfaces/IEnableAccessSecretsManagerCommand.cs
View File

@@ -1,9 +0,0 @@
using Bit.Core.Entities;
namespace Bit.Core.SecretsManager.Commands.EnableAccessSecretsManager.Interfaces;
public interface IEnableAccessSecretsManagerCommand
{
Task<List<(OrganizationUser organizationUser, string error)>> EnableUsersAsync(
IEnumerable<OrganizationUser> organizationUsers);
}

6
src/Core/SecretsManager/Queries/ServiceAccounts/Interfaces/ICountNewServiceAccountSlotsRequiredQuery.cs Normal file
View File

@@ -0,0 +1,6 @@
namespace Bit.Core.SecretsManager.Queries.ServiceAccounts.Interfaces;
public interface ICountNewServiceAccountSlotsRequiredQuery
{
Task<int> CountNewServiceAccountSlotsRequiredAsync(Guid organizationId, int serviceAccountsToAdd);
}

1
src/Core/SecretsManager/Repositories/IProjectRepository.cs
View File

@@ -16,4 +16,5 @@ public interface IProjectRepository
Task<IEnumerable<Project>> ImportAsync(IEnumerable<Project> projects);
Task<(bool Read, bool Write)> AccessToProjectAsync(Guid id, Guid userId, AccessClientType accessType);
Task<bool> ProjectsAreInOrganization(List<Guid> projectIds, Guid organizationId);
Task<int> GetProjectCountByOrganizationIdAsync(Guid organizationId);
}

1
src/Core/SecretsManager/Repositories/ISecretRepository.cs
View File

@@ -21,4 +21,5 @@ public interface ISecretRepository
Task UpdateRevisionDates(IEnumerable<Guid> ids);
Task<(bool Read, bool Write)> AccessToSecretAsync(Guid id, Guid userId, AccessClientType accessType);
Task EmptyTrash(DateTime nowTime, uint deleteAfterThisNumberOfDays);
Task<int> GetSecretsCountByOrganizationIdAsync(Guid organizationId);
}

65
src/Core/SecretsManager/Repositories/Noop/NoopProjectRepository.cs Normal file
View File

@@ -0,0 +1,65 @@
using Bit.Core.Enums;
using Bit.Core.SecretsManager.Entities;
using Bit.Core.SecretsManager.Models.Data;
namespace Bit.Core.SecretsManager.Repositories.Noop;
public class NoopProjectRepository : IProjectRepository
{
public Task<IEnumerable<ProjectPermissionDetails>> GetManyByOrganizationIdAsync(Guid organizationId, Guid userId,
AccessClientType accessType)
{
return Task.FromResult(null as IEnumerable<ProjectPermissionDetails>);
}
public Task<IEnumerable<Project>> GetManyByOrganizationIdWriteAccessAsync(Guid organizationId, Guid userId,
AccessClientType accessType)
{
return Task.FromResult(null as IEnumerable<Project>);
}
public Task<IEnumerable<Project>> GetManyWithSecretsByIds(IEnumerable<Guid> ids)
{
return Task.FromResult(null as IEnumerable<Project>);
}
public Task<Project> GetByIdAsync(Guid id)
{
return Task.FromResult(null as Project);
}
public Task<Project> CreateAsync(Project project)
{
return Task.FromResult(null as Project);
}
public Task ReplaceAsync(Project project)
{
return Task.FromResult(0);
}
public Task DeleteManyByIdAsync(IEnumerable<Guid> ids)
{
return Task.FromResult(0);
}
public Task<IEnumerable<Project>> ImportAsync(IEnumerable<Project> projects)
{
return Task.FromResult(null as IEnumerable<Project>);
}
public Task<(bool Read, bool Write)> AccessToProjectAsync(Guid id, Guid userId, AccessClientType accessType)
{
return Task.FromResult((false, false));
}
public Task<bool> ProjectsAreInOrganization(List<Guid> projectIds, Guid organizationId)
{
return Task.FromResult(false);
}
public Task<int> GetProjectCountByOrganizationIdAsync(Guid organizationId)
{
return Task.FromResult(0);
}
}

91
src/Core/SecretsManager/Repositories/Noop/NoopSecretRepository.cs Normal file
View File

@@ -0,0 +1,91 @@
using Bit.Core.Enums;
using Bit.Core.SecretsManager.Entities;
using Bit.Core.SecretsManager.Models.Data;
namespace Bit.Core.SecretsManager.Repositories.Noop;
public class NoopSecretRepository : ISecretRepository
{
public Task<IEnumerable<SecretPermissionDetails>> GetManyByOrganizationIdAsync(Guid organizationId, Guid userId,
AccessClientType accessType)
{
return Task.FromResult(null as IEnumerable<SecretPermissionDetails>);
}
public Task<IEnumerable<SecretPermissionDetails>> GetManyByOrganizationIdInTrashAsync(Guid organizationId)
{
return Task.FromResult(null as IEnumerable<SecretPermissionDetails>);
}
public Task<IEnumerable<Secret>> GetManyByOrganizationIdInTrashByIdsAsync(Guid organizationId,
IEnumerable<Guid> ids)
{
return Task.FromResult(null as IEnumerable<Secret>);
}
public Task<IEnumerable<Secret>> GetManyByIds(IEnumerable<Guid> ids)
{
return Task.FromResult(null as IEnumerable<Secret>);
}
public Task<IEnumerable<SecretPermissionDetails>> GetManyByProjectIdAsync(Guid projectId, Guid userId,
AccessClientType accessType)
{
return Task.FromResult(null as IEnumerable<SecretPermissionDetails>);
}
public Task<Secret> GetByIdAsync(Guid id)
{
return Task.FromResult(null as Secret);
}
public Task<Secret> CreateAsync(Secret secret)
{
return Task.FromResult(null as Secret);
}
public Task<Secret> UpdateAsync(Secret secret)
{
return Task.FromResult(null as Secret);
}
public Task SoftDeleteManyByIdAsync(IEnumerable<Guid> ids)
{
return Task.FromResult(0);
}
public Task HardDeleteManyByIdAsync(IEnumerable<Guid> ids)
{
return Task.FromResult(0);
}
public Task RestoreManyByIdAsync(IEnumerable<Guid> ids)
{
return Task.FromResult(0);
}
public Task<IEnumerable<Secret>> ImportAsync(IEnumerable<Secret> secrets)
{
return Task.FromResult(null as IEnumerable<Secret>);
}
public Task UpdateRevisionDates(IEnumerable<Guid> ids)
{
return Task.FromResult(0);
}
public Task<(bool Read, bool Write)> AccessToSecretAsync(Guid id, Guid userId, AccessClientType accessType)
{
return Task.FromResult((false, false));
}
public Task EmptyTrash(DateTime nowTime, uint deleteAfterThisNumberOfDays)
{
return Task.FromResult(0);
}
public Task<int> GetSecretsCountByOrganizationIdAsync(Guid organizationId)
{
return Task.FromResult(0);
}
}

2
src/Core/Services/IPaymentService.cs
View File

@@ -37,4 +37,6 @@ public interface IPaymentService
Task<TaxRate> CreateTaxRateAsync(TaxRate taxRate);
Task UpdateTaxRateAsync(TaxRate taxRate);
Task ArchiveTaxRateAsync(TaxRate taxRate);
Task<string> AddSecretsManagerToSubscription(Organization org, Plan plan, int additionalSmSeats,
int additionalServiceAccount, DateTime? prorationDate = null);
}

79
src/Core/Services/Implementations/OrganizationService.cs
View File

@@ -11,6 +11,8 @@ using Bit.Core.Exceptions;
using Bit.Core.Models.Business;
using Bit.Core.Models.Data;
using Bit.Core.Models.Data.Organizations.Policies;
using Bit.Core.OrganizationFeatures.OrganizationSubscriptions.Interface;
using Bit.Core.OrganizationFeatures.OrganizationUsers.Interfaces;
using Bit.Core.Repositories;
using Bit.Core.Settings;
using Bit.Core.Tools.Enums;
@@ -50,6 +52,8 @@ public class OrganizationService : IOrganizationService
private readonly ILogger<OrganizationService> _logger;
private readonly IProviderOrganizationRepository _providerOrganizationRepository;
private readonly IProviderUserRepository _providerUserRepository;
private readonly ICountNewSmSeatsRequiredQuery _countNewSmSeatsRequiredQuery;
private readonly IUpdateSecretsManagerSubscriptionCommand _updateSecretsManagerSubscriptionCommand;
public OrganizationService(
IOrganizationRepository organizationRepository,
@@ -76,7 +80,9 @@ public class OrganizationService : IOrganizationService
ICurrentContext currentContext,
ILogger<OrganizationService> logger,
IProviderOrganizationRepository providerOrganizationRepository,
IProviderUserRepository providerUserRepository)
IProviderUserRepository providerUserRepository,
ICountNewSmSeatsRequiredQuery countNewSmSeatsRequiredQuery,
IUpdateSecretsManagerSubscriptionCommand updateSecretsManagerSubscriptionCommand)
{
_organizationRepository = organizationRepository;
_organizationUserRepository = organizationUserRepository;
@@ -103,6 +109,8 @@ public class OrganizationService : IOrganizationService
_logger = logger;
_providerOrganizationRepository = providerOrganizationRepository;
_providerUserRepository = providerUserRepository;
_countNewSmSeatsRequiredQuery = countNewSmSeatsRequiredQuery;
_updateSecretsManagerSubscriptionCommand = updateSecretsManagerSubscriptionCommand;
}
public async Task ReplacePaymentMethodAsync(Guid organizationId, string paymentToken,
@@ -446,11 +454,16 @@ public class OrganizationService : IOrganizationService
RevisionDate = DateTime.UtcNow,
Status = OrganizationStatusType.Created,
UsePasswordManager = true,
SmSeats = (short)(secretsManagerPlan.BaseSeats + signup.AdditionalSmSeats.GetValueOrDefault()),
SmServiceAccounts = secretsManagerPlan.BaseServiceAccount + signup.AdditionalServiceAccounts.GetValueOrDefault(),
UseSecretsManager = signup.UseSecretsManager
UseSecretsManager = signup.UseSecretsManager,
};
if (signup.UseSecretsManager)
{
organization.SmSeats = secretsManagerPlan.BaseSeats + signup.AdditionalSmSeats.GetValueOrDefault();
organization.SmServiceAccounts = secretsManagerPlan.BaseServiceAccount.GetValueOrDefault() +
signup.AdditionalServiceAccounts.GetValueOrDefault();
}
if (passwordManagerPlan.Type == PlanType.Free && !provider)
{
var adminCount =
@@ -816,9 +829,12 @@ public class OrganizationService : IOrganizationService
throw new NotFoundException();
}
var newSeatsRequired = 0;
var existingEmails = new HashSet<string>(await _organizationUserRepository.SelectKnownEmailsAsync(
organizationId, invites.SelectMany(i => i.invite.Emails), false), StringComparer.InvariantCultureIgnoreCase);
// Seat autoscaling
var initialSmSeatCount = organization.SmSeats;
var newSeatsRequired = 0;
if (organization.Seats.HasValue)
{
var occupiedSeats = await _organizationUserRepository.GetOccupiedSeatCountByOrganizationIdAsync(organization.Id);
@@ -835,6 +851,21 @@ public class OrganizationService : IOrganizationService
}
}
// Secrets Manager seat autoscaling
SecretsManagerSubscriptionUpdate smSubscriptionUpdate = null;
var inviteWithSmAccessCount = invites
.Where(i => i.invite.AccessSecretsManager)
.SelectMany(i => i.invite.Emails)
.Count(email => !existingEmails.Contains(email));
var additionalSmSeatsRequired = await _countNewSmSeatsRequiredQuery.CountNewSmSeatsRequiredAsync(organization.Id, inviteWithSmAccessCount);
if (additionalSmSeatsRequired > 0)
{
smSubscriptionUpdate = new SecretsManagerSubscriptionUpdate(organization, true);
smSubscriptionUpdate.AdjustSeats(additionalSmSeatsRequired);
await _updateSecretsManagerSubscriptionCommand.ValidateUpdate(smSubscriptionUpdate);
}
var invitedAreAllOwners = invites.All(i => i.invite.Type == OrganizationUserType.Owner);
if (!invitedAreAllOwners && !await HasConfirmedOwnersExceptAsync(organizationId, new Guid[] { }, includeProvider: true))
{
@@ -928,6 +959,11 @@ public class OrganizationService : IOrganizationService
throw new BadRequestException("Cannot add seats. Cannot manage organization users.");
}
if (additionalSmSeatsRequired > 0)
{
smSubscriptionUpdate.ProrationDate = prorationDate;
await _updateSecretsManagerSubscriptionCommand.UpdateSubscriptionAsync(smSubscriptionUpdate);
}
await AutoAddSeatsAsync(organization, newSeatsRequired, prorationDate);
await SendInvitesAsync(orgUsers.Concat(limitedCollectionOrgUsers.Select(u => u.Item1)), organization);
@@ -942,11 +978,24 @@ public class OrganizationService : IOrganizationService
// Revert any added users.
var invitedOrgUserIds = orgUsers.Select(u => u.Id).Concat(limitedCollectionOrgUsers.Select(u => u.Item1.Id));
await _organizationUserRepository.DeleteManyAsync(invitedOrgUserIds);
var currentSeatCount = (await _organizationRepository.GetByIdAsync(organization.Id)).Seats;
var currentOrganization = await _organizationRepository.GetByIdAsync(organization.Id);
if (initialSeatCount.HasValue && currentSeatCount.HasValue && currentSeatCount.Value != initialSeatCount.Value)
// Revert autoscaling
if (initialSeatCount.HasValue && currentOrganization.Seats.HasValue && currentOrganization.Seats.Value != initialSeatCount.Value)
{
await AdjustSeatsAsync(organization, initialSeatCount.Value - currentSeatCount.Value, prorationDate);
await AdjustSeatsAsync(organization, initialSeatCount.Value - currentOrganization.Seats.Value, prorationDate);
}
// Revert SmSeat autoscaling
if (initialSmSeatCount.HasValue && currentOrganization.SmSeats.HasValue &&
currentOrganization.SmSeats.Value != initialSmSeatCount.Value)
{
var smSubscriptionUpdateRevert = new SecretsManagerSubscriptionUpdate(currentOrganization, false)
{
SmSeats = initialSmSeatCount.Value,
ProrationDate = prorationDate
};
await _updateSecretsManagerSubscriptionCommand.UpdateSubscriptionAsync(smSubscriptionUpdateRevert);
}
exceptions.Add(e);
@@ -1343,6 +1392,20 @@ public class OrganizationService : IOrganizationService
throw new BadRequestException("Organization must have at least one confirmed owner.");
}
// Only autoscale (if required) after all validation has passed so that we know it's a valid request before
// updating Stripe
if (!originalUser.AccessSecretsManager && user.AccessSecretsManager)
{
var additionalSmSeatsRequired = await _countNewSmSeatsRequiredQuery.CountNewSmSeatsRequiredAsync(user.OrganizationId, 1);
if (additionalSmSeatsRequired > 0)
{
var organization = await _organizationRepository.GetByIdAsync(user.OrganizationId);
var update = new SecretsManagerSubscriptionUpdate(organization, true);
update.AdjustSeats(additionalSmSeatsRequired);
await _updateSecretsManagerSubscriptionCommand.UpdateSubscriptionAsync(update);
}
}
if (user.AccessAll)
{
// We don't need any collections if we're flagged to have all access.

6
src/Core/Services/Implementations/StripePaymentService.cs
View File

@@ -1710,6 +1710,12 @@ public class StripePaymentService : IPaymentService
}
}
public async Task<string> AddSecretsManagerToSubscription(Organization org, StaticStore.Plan plan, int additionalSmSeats,
int additionalServiceAccount, DateTime? prorationDate = null)
{
return await FinalizeSubscriptionChangeAsync(org, new SecretsManagerSubscribeUpdate(org, plan, additionalSmSeats, additionalServiceAccount), prorationDate);
}
private Stripe.PaymentMethod GetLatestCardPaymentMethod(string customerId)
{
var cardPaymentMethods = _stripeAdapter.PaymentMethodListAutoPaging(