[SM-923] Add project service accounts access policies management endpoints (#3993)

* Add new models * Update repositories * Add new authz handler * Add new query * Add new command * Add authz, command, and query to DI * Add new endpoint to controller * Add query unit tests * Add api unit tests * Add api integration tests
2025-12-30 15:14:02 +00:00 · 2024-05-02 11:06:20 -05:00
parent e302ee1520
commit 7f8cea58d0
23 changed files with 1559 additions and 29 deletions
--- a/src/Api/SecretsManager/Models/Request/ProjectServiceAccountsAccessPoliciesRequestModel.cs
+++ b/src/Api/SecretsManager/Models/Request/ProjectServiceAccountsAccessPoliciesRequestModel.cs
@@ -0,0 +1,28 @@
+#nullable enable
+using Bit.Api.SecretsManager.Utilities;
+using Bit.Core.SecretsManager.Entities;
+using Bit.Core.SecretsManager.Models.Data;
+
+namespace Bit.Api.SecretsManager.Models.Request;
+
+public class ProjectServiceAccountsAccessPoliciesRequestModel
+{
+    public required IEnumerable<AccessPolicyRequest> ServiceAccountAccessPolicyRequests { get; set; }
+
+    public ProjectServiceAccountsAccessPolicies ToProjectServiceAccountsAccessPolicies(Project project)
+    {
+        var serviceAccountAccessPolicies = ServiceAccountAccessPolicyRequests
+            .Select(x => x.ToServiceAccountProjectAccessPolicy(project.Id, project.OrganizationId))
+            .ToList();
+
+        AccessPolicyHelpers.CheckForDistinctAccessPolicies(serviceAccountAccessPolicies);
+        AccessPolicyHelpers.CheckAccessPoliciesHaveReadPermission(serviceAccountAccessPolicies);
+
+        return new ProjectServiceAccountsAccessPolicies
+        {
+            ProjectId = project.Id,
+            OrganizationId = project.OrganizationId,
+            ServiceAccountAccessPolicies = serviceAccountAccessPolicies
+        };
+    }
+}
--- a/src/Api/SecretsManager/Models/Response/ProjectServiceAccountsAccessPoliciesResponseModel.cs
+++ b/src/Api/SecretsManager/Models/Response/ProjectServiceAccountsAccessPoliciesResponseModel.cs
@@ -0,0 +1,29 @@
+#nullable enable
+using Bit.Core.Models.Api;
+using Bit.Core.SecretsManager.Models.Data;
+
+namespace Bit.Api.SecretsManager.Models.Response;
+
+public class ProjectServiceAccountsAccessPoliciesResponseModel : ResponseModel
+{
+    private const string _objectName = "ProjectServiceAccountsAccessPolicies";
+
+    public ProjectServiceAccountsAccessPoliciesResponseModel(
+        ProjectServiceAccountsAccessPolicies? projectServiceAccountsAccessPolicies)
+        : base(_objectName)
+    {
+        if (projectServiceAccountsAccessPolicies == null)
+        {
+            return;
+        }
+
+        ServiceAccountAccessPolicies = projectServiceAccountsAccessPolicies.ServiceAccountAccessPolicies
+            .Select(x => new ServiceAccountProjectAccessPolicyResponseModel(x)).ToList();
+    }
+
+    public ProjectServiceAccountsAccessPoliciesResponseModel() : base(_objectName)
+    {
+    }
+
+    public List<ServiceAccountProjectAccessPolicyResponseModel> ServiceAccountAccessPolicies { get; set; } = [];
+}