Upstream/bitwarden-server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2024-11-25 12:45:18 +01:00
Code Issues Projects Releases Wiki Activity
6f7cdcfcea
bitwarden-server/test/Core.Test/SecretsManager/Models/ProjectServiceAccountsAccessPoliciesTests.cs

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

80 lines
3.3 KiB
C#
Raw Normal View History

[SM-923] Add project service accounts access policies management endpoints (#3993) * Add new models * Update repositories * Add new authz handler * Add new query * Add new command * Add authz, command, and query to DI * Add new endpoint to controller * Add query unit tests * Add api unit tests * Add api integration tests
2024-05-02 18:06:20 +02:00
#nullable enable
using Bit.Core.SecretsManager.Entities;
using Bit.Core.SecretsManager.Enums.AccessPolicies;
using Bit.Core.SecretsManager.Models.Data;
using Xunit;
namespace Bit.Core.Test.SecretsManager.Models;
public class ProjectServiceAccountsAccessPoliciesTests
{
[Fact]
public void GetPolicyUpdates_NoChanges_ReturnsEmptyList()
{
var serviceAccountId1 = Guid.NewGuid();
var serviceAccountId2 = Guid.NewGuid();
var projectId = Guid.NewGuid();
var existing = new ProjectServiceAccountsAccessPolicies
{
ServiceAccountAccessPolicies = new List<ServiceAccountProjectAccessPolicy>
{
new() { ServiceAccountId = serviceAccountId1, GrantedProjectId = projectId, Read = true, Write = true },
new() { ServiceAccountId = serviceAccountId2, GrantedProjectId = projectId, Read = false, Write = true }
}
};
var result = existing.GetPolicyUpdates(existing);
Assert.Empty(result.ServiceAccountAccessPolicyUpdates);
}
[Fact]
public void GetPolicyUpdates_ReturnsCorrectPolicyChanges()
{
var serviceAccountId1 = Guid.NewGuid();
var serviceAccountId2 = Guid.NewGuid();
var serviceAccountId3 = Guid.NewGuid();
var serviceAccountId4 = Guid.NewGuid();
var projectId = Guid.NewGuid();
var existing = new ProjectServiceAccountsAccessPolicies
{
ServiceAccountAccessPolicies = new List<ServiceAccountProjectAccessPolicy>
{
new() { ServiceAccountId = serviceAccountId1, GrantedProjectId = projectId, Read = true, Write = true },
new() { ServiceAccountId = serviceAccountId3, GrantedProjectId = projectId, Read = true, Write = true },
new() { ServiceAccountId = serviceAccountId4, GrantedProjectId = projectId, Read = true, Write = true }
}
};
var requested = new ProjectServiceAccountsAccessPolicies
{
ServiceAccountAccessPolicies = new List<ServiceAccountProjectAccessPolicy>
{
new() { ServiceAccountId = serviceAccountId1, GrantedProjectId = projectId, Read = true, Write = false },
new() { ServiceAccountId = serviceAccountId2, GrantedProjectId = projectId, Read = false, Write = true },
new() { ServiceAccountId = serviceAccountId3, GrantedProjectId = projectId, Read = true, Write = true }
}
};
var result = existing.GetPolicyUpdates(requested);
Assert.Contains(serviceAccountId2, result.ServiceAccountAccessPolicyUpdates
.Where(pu => pu.Operation == AccessPolicyOperation.Create)
.Select(pu => pu.AccessPolicy.ServiceAccountId!.Value));
Assert.Contains(serviceAccountId4, result.ServiceAccountAccessPolicyUpdates
.Where(pu => pu.Operation == AccessPolicyOperation.Delete)
.Select(pu => pu.AccessPolicy.ServiceAccountId!.Value));
Assert.Contains(serviceAccountId1, result.ServiceAccountAccessPolicyUpdates
.Where(pu => pu.Operation == AccessPolicyOperation.Update)
.Select(pu => pu.AccessPolicy.ServiceAccountId!.Value));
Assert.DoesNotContain(serviceAccountId3, result.ServiceAccountAccessPolicyUpdates
.Select(pu => pu.AccessPolicy.ServiceAccountId!.Value));
}
}
Reference in New Issue Copy Permalink