server icon indicating copy to clipboard operation
server copied to clipboard

Published 20 hours ago verified publisher icon bitwarden

[SM-390] Project Access Policies

Open Thomas-Avery opened this issue 2 years ago • 0 comments

Type of change

- [ ] Bug fix
- [X] New feature development
- [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [ ] Other

Objective

The purpose of this PR is to create server endpoints for creating, reading, updating, and deleting access policies for projects.

Code changes

  • bitwarden_license/src/Commercial.Core/SecretManagerFeatures/AccessPolicies/CreateAccessPoliciesCommand.cs src/Core/SecretManagerFeatures/AccessPolicies/Interfaces/ICreateAccessPoliciesCommand.cs

Command and interface for creating access policies.

  • bitwarden_license/src/Commercial.Core/SecretManagerFeatures/AccessPolicies/UpdateAccessPolicyCommand.cs src/Core/SecretManagerFeatures/AccessPolicies/Interfaces/IUpdateAccessPolicyCommand.cs

Command and interface for updating access policies.

  • bitwarden_license/src/Commercial.Core/SecretManagerFeatures/AccessPolicies/DeleteAccessPolicyCommand.cs src/Core/SecretManagerFeatures/AccessPolicies/Interfaces/IDeleteAccessPolicyCommand.cs

Command and interface for deleting access policies.

  • bitwarden_license/src/Commercial.Core/SecretManagerFeatures/SecretManagerCollectionExtensions.cs

Add create, update, and delete commands into dependency injection.

  • bitwarden_license/src/Commercial.Infrastructure.EntityFramework/Repositories/AccessPolicyRepository.cs src/Core/Repositories/IAccessPolicyRepository.cs

A generic repository that handles making database updates for all entities that inherit from the BaseAccessPolicy.

For now this is just implemented for policies targeting access policy types for projects: UserProjectAccessPolicy, GroupProjectAccessPolicy, and ServiceAccountProjectAccessPolicy.

The idea being of implementing the rest of the access policy types in the same repository for service accounts.

  • bitwarden_license/test/Commercial.Core.Test/SecretManagerFeatures/AccessPolicies/CreateAccessPoliciesCommandTests.cs bitwarden_license/test/Commercial.Core.Test/SecretManagerFeatures/AccessPolicies/DeleteAccessPolicyCommandTests.cs bitwarden_license/test/Commercial.Core.Test/SecretManagerFeatures/AccessPolicies/UpdateAccessPolicyCommandTests.cs

Unit tests for commands.

  • src/Api/Controllers/AccessPoliciesController.cs

Controller for access policy endpoints. This is hidden behind [SecretsManager].

  • src/Api/SecretManagerFeatures/Models/Request/AccessPoliciesCreateRequest.cs src/Api/SecretManagerFeatures/Models/Request/AccessPolicyUpdateRequest.cs

Api request models.

  • src/Api/SecretManagerFeatures/Models/Response/AccessPoliciesResponseModel.cs src/Api/SecretManagerFeatures/Models/Response/AccessPolicyResponseModel.cs

Api response models.

  • src/Core/Entities/AccessPolicy.cs

Updating core entities to enable passing grantee model references, so Api response models will contain the grantee ID and grantee name.

  • src/Infrastructure.EntityFramework/Models/AccessPolicy.cs

Update mappings for concrete access policy classes.

  • src/Infrastructure.EntityFramework/Repositories/AccessPolicyRepository.cs

Removing and moved to bitwarden_license/src/Commercial.Infrastructure.EntityFramework/Repositories/ with all the other secret manager repository classes.

  • src/Infrastructure.EntityFramework/Repositories/DatabaseContext.cs

With EF Core TPH we need the inherited classes in the database context.

  • test/Api.IntegrationTest/Controllers/AccessPoliciesControllerTest.cs

Integration tests for the access policies controller.

  • test/Api.IntegrationTest/Models/AccessPoliciesResult.cs

A model to parse the JSON HTTP content results into from the integration tests.

  • test/Api.Test/Controllers/AccessPoliciesControllerTests.cs

Unit tests for the access policies controller.

Before you submit

  • Please check for formatting errors (dotnet format --verify-no-changes) (required)
  • If making database changes - make sure you also update Entity Framework queries and/or migrations
  • Please add unit tests where it makes sense to do so (encouraged but not required)
  • If this change requires a documentation update - notify the documentation team
  • If this change has particular deployment requirements - notify the DevOps team

Thomas-Avery avatar Dec 19 '22 22:12 Thomas-Avery