Upstream/bitwarden-server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2024-11-22 12:15:36 +01:00
Code Issues Projects Releases Wiki Activity
33befe24a5
bitwarden-server/test/Api.Test/SecretsManager/Utilities/AccessPolicyHelpersTests.cs

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

102 lines
3.6 KiB
C#
Raw Normal View History

[SM-910] Add service account granted policies management endpoints (#3736) * Add the ability to get multi projects access * Add access policy helper + tests * Add new data/request models * Add access policy operations to repo * Add authz handler for new operations * Add new controller endpoints * add updating service account revision
2024-05-01 18:47:11 +02:00
#nullable enable
using Bit.Api.SecretsManager.Utilities;
using Bit.Core.Exceptions;
using Bit.Core.SecretsManager.Entities;
using Bit.Core.Test.SecretsManager.AutoFixture.ProjectsFixture;
using Bit.Core.Test.SecretsManager.AutoFixture.SecretsFixture;
using Bit.Test.Common.AutoFixture.Attributes;
using Xunit;
namespace Bit.Api.Test.SecretsManager.Utilities;
[ProjectCustomize]
[SecretCustomize]
public class AccessPolicyHelpersTests
{
[Theory]
[BitAutoData]
public void CheckForDistinctAccessPolicies_DuplicateAccessPolicies_ThrowsBadRequestException(
UserProjectAccessPolicy userProjectAccessPolicy, UserServiceAccountAccessPolicy userServiceAccountAccessPolicy,
GroupProjectAccessPolicy groupProjectAccessPolicy,
GroupServiceAccountAccessPolicy groupServiceAccountAccessPolicy,
ServiceAccountProjectAccessPolicy serviceAccountProjectAccessPolicy)
{
var accessPolicies = new List<BaseAccessPolicy>
{
userProjectAccessPolicy,
userProjectAccessPolicy,
userServiceAccountAccessPolicy,
userServiceAccountAccessPolicy,
groupProjectAccessPolicy,
groupProjectAccessPolicy,
groupServiceAccountAccessPolicy,
groupServiceAccountAccessPolicy,
serviceAccountProjectAccessPolicy,
serviceAccountProjectAccessPolicy
};
Assert.Throws<BadRequestException>(() =>
{
AccessPolicyHelpers.CheckForDistinctAccessPolicies(accessPolicies);
});
}
[Fact]
public void CheckForDistinctAccessPolicies_UnsupportedAccessPolicy_ThrowsArgumentException()
{
var accessPolicies = new List<BaseAccessPolicy> { new UnsupportedAccessPolicy() };
Assert.Throws<ArgumentException>(() => { AccessPolicyHelpers.CheckForDistinctAccessPolicies(accessPolicies); });
}
[Theory]
[BitAutoData]
public void CheckForDistinctAccessPolicies_DistinctPolicies_Success(UserProjectAccessPolicy userProjectAccessPolicy,
UserServiceAccountAccessPolicy userServiceAccountAccessPolicy,
GroupProjectAccessPolicy groupProjectAccessPolicy,
GroupServiceAccountAccessPolicy groupServiceAccountAccessPolicy,
ServiceAccountProjectAccessPolicy serviceAccountProjectAccessPolicy)
{
var accessPolicies = new List<BaseAccessPolicy>
{
userProjectAccessPolicy,
userServiceAccountAccessPolicy,
groupProjectAccessPolicy,
groupServiceAccountAccessPolicy,
serviceAccountProjectAccessPolicy
};
AccessPolicyHelpers.CheckForDistinctAccessPolicies(accessPolicies);
}
[Fact]
public void CheckAccessPoliciesHaveReadPermission_ReadPermissionFalse_ThrowsBadRequestException()
{
var accessPolicies = new List<BaseAccessPolicy>
{
new UserProjectAccessPolicy { Read = false, Write = true },
new GroupProjectAccessPolicy { Read = true, Write = false }
};
Assert.Throws<BadRequestException>(() =>
{
AccessPolicyHelpers.CheckAccessPoliciesHaveReadPermission(accessPolicies);
});
}
[Fact]
public void CheckAccessPoliciesHaveReadPermission_AllReadIsTrue_Success()
{
var accessPolicies = new List<BaseAccessPolicy>
{
new UserProjectAccessPolicy { Read = true, Write = true },
new GroupProjectAccessPolicy { Read = true, Write = false }
};
AccessPolicyHelpers.CheckAccessPoliciesHaveReadPermission(accessPolicies);
}
private class UnsupportedAccessPolicy : BaseAccessPolicy;
}
Reference in New Issue Copy Permalink