Upstream/bitwarden-server
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2024-11-25 12:45:18 +01:00
Code Issues Projects Releases Wiki Activity
770a341a61
bitwarden-server/test/Api.Test/SecretsManager/Controllers/AccessPoliciesControllerTests.cs

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

475 lines
21 KiB
C#
Raw Normal View History

[SM-460] Isolate SecretsManager files (#2616) Move SecretsManager files to directories called SecretsManager and add CodeOwners
2023-01-24 19:57:28 +01:00
using Bit.Api.SecretsManager.Controllers;
using Bit.Api.SecretsManager.Models.Request;
[SM-485] Add access policy on project creation (#2678) * Add bootstrap access policy on create * Update project integration tests
2023-02-09 15:58:05 +01:00
using Bit.Api.Test.SecretsManager.Enums;
[SM-429] Add permission checks to access policy endpoints (#2628) * Add permission checks to access policy endpoints * Fix unit tests * Add service account grant permission checks * Add service account grant tests * Add new endpoint unit tests * Cleanup unit tests add integration tests * User permission enum in create tests * Swap to NotFoundException for access checks * Add filter for potential grantees * Add in AccessSecretsManager check and test it * Add code review updates * Code review updates * Refactor potential grantees endpoint * Code review updates
2023-02-06 18:26:06 +01:00
using Bit.Core.Context;
using Bit.Core.Entities;
using Bit.Core.Enums;
using Bit.Core.Exceptions;
using Bit.Core.Repositories;
[SM-460] Isolate SecretsManager files (#2616) Move SecretsManager files to directories called SecretsManager and add CodeOwners
2023-01-24 19:57:28 +01:00
using Bit.Core.SecretsManager.Commands.AccessPolicies.Interfaces;
using Bit.Core.SecretsManager.Entities;
using Bit.Core.SecretsManager.Repositories;
[SM-429] Add permission checks to access policy endpoints (#2628) * Add permission checks to access policy endpoints * Fix unit tests * Add service account grant permission checks * Add service account grant tests * Add new endpoint unit tests * Cleanup unit tests add integration tests * User permission enum in create tests * Swap to NotFoundException for access checks * Add filter for potential grantees * Add in AccessSecretsManager check and test it * Add code review updates * Code review updates * Refactor potential grantees endpoint * Code review updates
2023-02-06 18:26:06 +01:00
using Bit.Core.Services;
using Bit.Core.Test.SecretsManager.AutoFixture.ProjectsFixture;
[SM-390] Project Access Policies (#2507) The purpose of this PR is to create server endpoints for creating, reading, updating, and deleting access policies for projects.
2023-01-20 00:31:19 +01:00
using Bit.Test.Common.AutoFixture;
using Bit.Test.Common.AutoFixture.Attributes;
using Bit.Test.Common.Helpers;
using NSubstitute;
using NSubstitute.ReturnsExtensions;
using Xunit;
[SM-460] Isolate SecretsManager files (#2616) Move SecretsManager files to directories called SecretsManager and add CodeOwners
2023-01-24 19:57:28 +01:00
namespace Bit.Api.Test.SecretsManager.Controllers;
[SM-390] Project Access Policies (#2507) The purpose of this PR is to create server endpoints for creating, reading, updating, and deleting access policies for projects.
2023-01-20 00:31:19 +01:00
[ControllerCustomize(typeof(AccessPoliciesController))]
[SutProviderCustomize]
[SM-429] Add permission checks to access policy endpoints (#2628) * Add permission checks to access policy endpoints * Fix unit tests * Add service account grant permission checks * Add service account grant tests * Add new endpoint unit tests * Cleanup unit tests add integration tests * User permission enum in create tests * Swap to NotFoundException for access checks * Add filter for potential grantees * Add in AccessSecretsManager check and test it * Add code review updates * Code review updates * Refactor potential grantees endpoint * Code review updates
2023-02-06 18:26:06 +01:00
[ProjectCustomize]
[SM-390] Project Access Policies (#2507) The purpose of this PR is to create server endpoints for creating, reading, updating, and deleting access policies for projects.
2023-01-20 00:31:19 +01:00
[JsonDocumentCustomize]
public class AccessPoliciesControllerTests
{
[SM-473] Access Policies - Service Accounts (#2658) * Add service account access policy endpoints * Add unit & integration tests for new endpoints * Fix formatting on response models * Cleanup unit tests
2023-02-07 21:30:22 +01:00
private static void SetupAdmin(SutProvider<AccessPoliciesController> sutProvider, Guid organizationId)
[SM-429] Add permission checks to access policy endpoints (#2628) * Add permission checks to access policy endpoints * Fix unit tests * Add service account grant permission checks * Add service account grant tests * Add new endpoint unit tests * Cleanup unit tests add integration tests * User permission enum in create tests * Swap to NotFoundException for access checks * Add filter for potential grantees * Add in AccessSecretsManager check and test it * Add code review updates * Code review updates * Refactor potential grantees endpoint * Code review updates
2023-02-06 18:26:06 +01:00
{
sutProvider.GetDependency<ICurrentContext>().AccessSecretsManager(default).ReturnsForAnyArgs(true);
sutProvider.GetDependency<IUserService>().GetProperUserId(default).ReturnsForAnyArgs(Guid.NewGuid());
[SM-473] Access Policies - Service Accounts (#2658) * Add service account access policy endpoints * Add unit & integration tests for new endpoints * Fix formatting on response models * Cleanup unit tests
2023-02-07 21:30:22 +01:00
sutProvider.GetDependency<ICurrentContext>().OrganizationAdmin(organizationId).Returns(true);
[SM-429] Add permission checks to access policy endpoints (#2628) * Add permission checks to access policy endpoints * Fix unit tests * Add service account grant permission checks * Add service account grant tests * Add new endpoint unit tests * Cleanup unit tests add integration tests * User permission enum in create tests * Swap to NotFoundException for access checks * Add filter for potential grantees * Add in AccessSecretsManager check and test it * Add code review updates * Code review updates * Refactor potential grantees endpoint * Code review updates
2023-02-06 18:26:06 +01:00
}
[SM-473] Access Policies - Service Accounts (#2658) * Add service account access policy endpoints * Add unit & integration tests for new endpoints * Fix formatting on response models * Cleanup unit tests
2023-02-07 21:30:22 +01:00
private static void SetupUserWithPermission(SutProvider<AccessPoliciesController> sutProvider, Guid organizationId)
[SM-429] Add permission checks to access policy endpoints (#2628) * Add permission checks to access policy endpoints * Fix unit tests * Add service account grant permission checks * Add service account grant tests * Add new endpoint unit tests * Cleanup unit tests add integration tests * User permission enum in create tests * Swap to NotFoundException for access checks * Add filter for potential grantees * Add in AccessSecretsManager check and test it * Add code review updates * Code review updates * Refactor potential grantees endpoint * Code review updates
2023-02-06 18:26:06 +01:00
{
sutProvider.GetDependency<ICurrentContext>().AccessSecretsManager(default).ReturnsForAnyArgs(true);
sutProvider.GetDependency<IUserService>().GetProperUserId(default).ReturnsForAnyArgs(Guid.NewGuid());
[SM-473] Access Policies - Service Accounts (#2658) * Add service account access policy endpoints * Add unit & integration tests for new endpoints * Fix formatting on response models * Cleanup unit tests
2023-02-07 21:30:22 +01:00
sutProvider.GetDependency<ICurrentContext>().OrganizationAdmin(organizationId).Returns(false);
[SM-429] Add permission checks to access policy endpoints (#2628) * Add permission checks to access policy endpoints * Fix unit tests * Add service account grant permission checks * Add service account grant tests * Add new endpoint unit tests * Cleanup unit tests add integration tests * User permission enum in create tests * Swap to NotFoundException for access checks * Add filter for potential grantees * Add in AccessSecretsManager check and test it * Add code review updates * Code review updates * Refactor potential grantees endpoint * Code review updates
2023-02-06 18:26:06 +01:00
sutProvider.GetDependency<ICurrentContext>().OrganizationUser(default).ReturnsForAnyArgs(true);
}
[SM-473] Access Policies - Service Accounts (#2658) * Add service account access policy endpoints * Add unit & integration tests for new endpoints * Fix formatting on response models * Cleanup unit tests
2023-02-07 21:30:22 +01:00
private static void SetupUserWithoutPermission(SutProvider<AccessPoliciesController> sutProvider,
Guid organizationId)
[SM-429] Add permission checks to access policy endpoints (#2628) * Add permission checks to access policy endpoints * Fix unit tests * Add service account grant permission checks * Add service account grant tests * Add new endpoint unit tests * Cleanup unit tests add integration tests * User permission enum in create tests * Swap to NotFoundException for access checks * Add filter for potential grantees * Add in AccessSecretsManager check and test it * Add code review updates * Code review updates * Refactor potential grantees endpoint * Code review updates
2023-02-06 18:26:06 +01:00
{
sutProvider.GetDependency<ICurrentContext>().AccessSecretsManager(default).ReturnsForAnyArgs(true);
sutProvider.GetDependency<IUserService>().GetProperUserId(default).ReturnsForAnyArgs(Guid.NewGuid());
[SM-473] Access Policies - Service Accounts (#2658) * Add service account access policy endpoints * Add unit & integration tests for new endpoints * Fix formatting on response models * Cleanup unit tests
2023-02-07 21:30:22 +01:00
sutProvider.GetDependency<ICurrentContext>().OrganizationAdmin(organizationId).Returns(false);
[SM-429] Add permission checks to access policy endpoints (#2628) * Add permission checks to access policy endpoints * Fix unit tests * Add service account grant permission checks * Add service account grant tests * Add new endpoint unit tests * Cleanup unit tests add integration tests * User permission enum in create tests * Swap to NotFoundException for access checks * Add filter for potential grantees * Add in AccessSecretsManager check and test it * Add code review updates * Code review updates * Refactor potential grantees endpoint * Code review updates
2023-02-06 18:26:06 +01:00
sutProvider.GetDependency<ICurrentContext>().OrganizationUser(default).ReturnsForAnyArgs(true);
[SM-473] Access Policies - Service Accounts (#2658) * Add service account access policy endpoints * Add unit & integration tests for new endpoints * Fix formatting on response models * Cleanup unit tests
2023-02-07 21:30:22 +01:00
}
private static void SetupPermission(SutProvider<AccessPoliciesController> sutProvider, PermissionType permissionType, Guid orgId)
{
switch (permissionType)
{
case PermissionType.RunAsAdmin:
SetupAdmin(sutProvider, orgId);
break;
case PermissionType.RunAsUserWithPermission:
SetupUserWithPermission(sutProvider, orgId);
break;
}
[SM-429] Add permission checks to access policy endpoints (#2628) * Add permission checks to access policy endpoints * Fix unit tests * Add service account grant permission checks * Add service account grant tests * Add new endpoint unit tests * Cleanup unit tests add integration tests * User permission enum in create tests * Swap to NotFoundException for access checks * Add filter for potential grantees * Add in AccessSecretsManager check and test it * Add code review updates * Code review updates * Refactor potential grantees endpoint * Code review updates
2023-02-06 18:26:06 +01:00
}
[SM-390] Project Access Policies (#2507) The purpose of this PR is to create server endpoints for creating, reading, updating, and deleting access policies for projects.
2023-01-20 00:31:19 +01:00
[Theory]
[SM-429] Add permission checks to access policy endpoints (#2628) * Add permission checks to access policy endpoints * Fix unit tests * Add service account grant permission checks * Add service account grant tests * Add new endpoint unit tests * Cleanup unit tests add integration tests * User permission enum in create tests * Swap to NotFoundException for access checks * Add filter for potential grantees * Add in AccessSecretsManager check and test it * Add code review updates * Code review updates * Refactor potential grantees endpoint * Code review updates
2023-02-06 18:26:06 +01:00
[BitAutoData(PermissionType.RunAsAdmin)]
[BitAutoData(PermissionType.RunAsUserWithPermission)]
[SM-473] Access Policies - Service Accounts (#2658) * Add service account access policy endpoints * Add unit & integration tests for new endpoints * Fix formatting on response models * Cleanup unit tests
2023-02-07 21:30:22 +01:00
public async void GetProjectAccessPolicies_ReturnsEmptyList(
[SM-429] Add permission checks to access policy endpoints (#2628) * Add permission checks to access policy endpoints * Fix unit tests * Add service account grant permission checks * Add service account grant tests * Add new endpoint unit tests * Cleanup unit tests add integration tests * User permission enum in create tests * Swap to NotFoundException for access checks * Add filter for potential grantees * Add in AccessSecretsManager check and test it * Add code review updates * Code review updates * Refactor potential grantees endpoint * Code review updates
2023-02-06 18:26:06 +01:00
PermissionType permissionType,
SutProvider<AccessPoliciesController> sutProvider,
Guid id, Project data)
[SM-390] Project Access Policies (#2507) The purpose of this PR is to create server endpoints for creating, reading, updating, and deleting access policies for projects.
2023-01-20 00:31:19 +01:00
{
[SM-473] Access Policies - Service Accounts (#2658) * Add service account access policy endpoints * Add unit & integration tests for new endpoints * Fix formatting on response models * Cleanup unit tests
2023-02-07 21:30:22 +01:00
sutProvider.GetDependency<IProjectRepository>().GetByIdAsync(default).ReturnsForAnyArgs(data);
[SM-429] Add permission checks to access policy endpoints (#2628) * Add permission checks to access policy endpoints * Fix unit tests * Add service account grant permission checks * Add service account grant tests * Add new endpoint unit tests * Cleanup unit tests add integration tests * User permission enum in create tests * Swap to NotFoundException for access checks * Add filter for potential grantees * Add in AccessSecretsManager check and test it * Add code review updates * Code review updates * Refactor potential grantees endpoint * Code review updates
2023-02-06 18:26:06 +01:00
switch (permissionType)
{
case PermissionType.RunAsAdmin:
[SM-473] Access Policies - Service Accounts (#2658) * Add service account access policy endpoints * Add unit & integration tests for new endpoints * Fix formatting on response models * Cleanup unit tests
2023-02-07 21:30:22 +01:00
SetupAdmin(sutProvider, data.OrganizationId);
[SM-429] Add permission checks to access policy endpoints (#2628) * Add permission checks to access policy endpoints * Fix unit tests * Add service account grant permission checks * Add service account grant tests * Add new endpoint unit tests * Cleanup unit tests add integration tests * User permission enum in create tests * Swap to NotFoundException for access checks * Add filter for potential grantees * Add in AccessSecretsManager check and test it * Add code review updates * Code review updates * Refactor potential grantees endpoint * Code review updates
2023-02-06 18:26:06 +01:00
break;
case PermissionType.RunAsUserWithPermission:
[SM-473] Access Policies - Service Accounts (#2658) * Add service account access policy endpoints * Add unit & integration tests for new endpoints * Fix formatting on response models * Cleanup unit tests
2023-02-07 21:30:22 +01:00
SetupUserWithPermission(sutProvider, data.OrganizationId);
sutProvider.GetDependency<IProjectRepository>().UserHasWriteAccessToProject(default, default)
.ReturnsForAnyArgs(true);
[SM-429] Add permission checks to access policy endpoints (#2628) * Add permission checks to access policy endpoints * Fix unit tests * Add service account grant permission checks * Add service account grant tests * Add new endpoint unit tests * Cleanup unit tests add integration tests * User permission enum in create tests * Swap to NotFoundException for access checks * Add filter for potential grantees * Add in AccessSecretsManager check and test it * Add code review updates * Code review updates * Refactor potential grantees endpoint * Code review updates
2023-02-06 18:26:06 +01:00
break;
}
[SM-390] Project Access Policies (#2507) The purpose of this PR is to create server endpoints for creating, reading, updating, and deleting access policies for projects.
2023-01-20 00:31:19 +01:00
var result = await sutProvider.Sut.GetProjectAccessPoliciesAsync(id);
await sutProvider.GetDependency<IAccessPolicyRepository>().Received(1)
[SM-465] Add access policy on service account creation (#2649) * Add access policy on service account creation
2023-02-02 19:25:14 +01:00
.GetManyByGrantedProjectIdAsync(Arg.Is(AssertHelper.AssertPropertyEqual(id)));
[SM-390] Project Access Policies (#2507) The purpose of this PR is to create server endpoints for creating, reading, updating, and deleting access policies for projects.
2023-01-20 00:31:19 +01:00
Assert.Empty(result.GroupAccessPolicies);
Assert.Empty(result.UserAccessPolicies);
Assert.Empty(result.ServiceAccountAccessPolicies);
}
[Theory]
[BitAutoData]
[SM-473] Access Policies - Service Accounts (#2658) * Add service account access policy endpoints * Add unit & integration tests for new endpoints * Fix formatting on response models * Cleanup unit tests
2023-02-07 21:30:22 +01:00
public async void GetProjectAccessPolicies_UserWithoutPermission_Throws(
[SM-429] Add permission checks to access policy endpoints (#2628) * Add permission checks to access policy endpoints * Fix unit tests * Add service account grant permission checks * Add service account grant tests * Add new endpoint unit tests * Cleanup unit tests add integration tests * User permission enum in create tests * Swap to NotFoundException for access checks * Add filter for potential grantees * Add in AccessSecretsManager check and test it * Add code review updates * Code review updates * Refactor potential grantees endpoint * Code review updates
2023-02-06 18:26:06 +01:00
SutProvider<AccessPoliciesController> sutProvider,
Guid id,
Project data)
{
[SM-473] Access Policies - Service Accounts (#2658) * Add service account access policy endpoints * Add unit & integration tests for new endpoints * Fix formatting on response models * Cleanup unit tests
2023-02-07 21:30:22 +01:00
SetupUserWithoutPermission(sutProvider, data.OrganizationId);
sutProvider.GetDependency<IProjectRepository>().GetByIdAsync(default).ReturnsForAnyArgs(data);
sutProvider.GetDependency<IProjectRepository>().UserHasWriteAccessToProject(default, default)
.ReturnsForAnyArgs(false);
[SM-429] Add permission checks to access policy endpoints (#2628) * Add permission checks to access policy endpoints * Fix unit tests * Add service account grant permission checks * Add service account grant tests * Add new endpoint unit tests * Cleanup unit tests add integration tests * User permission enum in create tests * Swap to NotFoundException for access checks * Add filter for potential grantees * Add in AccessSecretsManager check and test it * Add code review updates * Code review updates * Refactor potential grantees endpoint * Code review updates
2023-02-06 18:26:06 +01:00
await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.GetProjectAccessPoliciesAsync(id));
await sutProvider.GetDependency<IAccessPolicyRepository>().DidNotReceiveWithAnyArgs()
.GetManyByGrantedProjectIdAsync(Arg.Any<Guid>());
}
[Theory]
[BitAutoData(PermissionType.RunAsAdmin)]
[BitAutoData(PermissionType.RunAsUserWithPermission)]
[SM-473] Access Policies - Service Accounts (#2658) * Add service account access policy endpoints * Add unit & integration tests for new endpoints * Fix formatting on response models * Cleanup unit tests
2023-02-07 21:30:22 +01:00
public async void GetProjectAccessPolicies_Success(
[SM-429] Add permission checks to access policy endpoints (#2628) * Add permission checks to access policy endpoints * Fix unit tests * Add service account grant permission checks * Add service account grant tests * Add new endpoint unit tests * Cleanup unit tests add integration tests * User permission enum in create tests * Swap to NotFoundException for access checks * Add filter for potential grantees * Add in AccessSecretsManager check and test it * Add code review updates * Code review updates * Refactor potential grantees endpoint * Code review updates
2023-02-06 18:26:06 +01:00
PermissionType permissionType,
SutProvider<AccessPoliciesController> sutProvider,
Guid id,
Project data,
[SM-390] Project Access Policies (#2507) The purpose of this PR is to create server endpoints for creating, reading, updating, and deleting access policies for projects.
2023-01-20 00:31:19 +01:00
UserProjectAccessPolicy resultAccessPolicy)
{
[SM-473] Access Policies - Service Accounts (#2658) * Add service account access policy endpoints * Add unit & integration tests for new endpoints * Fix formatting on response models * Cleanup unit tests
2023-02-07 21:30:22 +01:00
sutProvider.GetDependency<IProjectRepository>().GetByIdAsync(default).ReturnsForAnyArgs(data);
[SM-429] Add permission checks to access policy endpoints (#2628) * Add permission checks to access policy endpoints * Fix unit tests * Add service account grant permission checks * Add service account grant tests * Add new endpoint unit tests * Cleanup unit tests add integration tests * User permission enum in create tests * Swap to NotFoundException for access checks * Add filter for potential grantees * Add in AccessSecretsManager check and test it * Add code review updates * Code review updates * Refactor potential grantees endpoint * Code review updates
2023-02-06 18:26:06 +01:00
switch (permissionType)
{
case PermissionType.RunAsAdmin:
[SM-473] Access Policies - Service Accounts (#2658) * Add service account access policy endpoints * Add unit & integration tests for new endpoints * Fix formatting on response models * Cleanup unit tests
2023-02-07 21:30:22 +01:00
SetupAdmin(sutProvider, data.OrganizationId);
[SM-429] Add permission checks to access policy endpoints (#2628) * Add permission checks to access policy endpoints * Fix unit tests * Add service account grant permission checks * Add service account grant tests * Add new endpoint unit tests * Cleanup unit tests add integration tests * User permission enum in create tests * Swap to NotFoundException for access checks * Add filter for potential grantees * Add in AccessSecretsManager check and test it * Add code review updates * Code review updates * Refactor potential grantees endpoint * Code review updates
2023-02-06 18:26:06 +01:00
break;
case PermissionType.RunAsUserWithPermission:
[SM-473] Access Policies - Service Accounts (#2658) * Add service account access policy endpoints * Add unit & integration tests for new endpoints * Fix formatting on response models * Cleanup unit tests
2023-02-07 21:30:22 +01:00
SetupUserWithPermission(sutProvider, data.OrganizationId);
sutProvider.GetDependency<IProjectRepository>().UserHasWriteAccessToProject(default, default)
.ReturnsForAnyArgs(true);
[SM-429] Add permission checks to access policy endpoints (#2628) * Add permission checks to access policy endpoints * Fix unit tests * Add service account grant permission checks * Add service account grant tests * Add new endpoint unit tests * Cleanup unit tests add integration tests * User permission enum in create tests * Swap to NotFoundException for access checks * Add filter for potential grantees * Add in AccessSecretsManager check and test it * Add code review updates * Code review updates * Refactor potential grantees endpoint * Code review updates
2023-02-06 18:26:06 +01:00
break;
}
[SM-465] Add access policy on service account creation (#2649) * Add access policy on service account creation
2023-02-02 19:25:14 +01:00
sutProvider.GetDependency<IAccessPolicyRepository>().GetManyByGrantedProjectIdAsync(default)
[SM-390] Project Access Policies (#2507) The purpose of this PR is to create server endpoints for creating, reading, updating, and deleting access policies for projects.
2023-01-20 00:31:19 +01:00
.ReturnsForAnyArgs(new List<BaseAccessPolicy> { resultAccessPolicy });
var result = await sutProvider.Sut.GetProjectAccessPoliciesAsync(id);
await sutProvider.GetDependency<IAccessPolicyRepository>().Received(1)
[SM-465] Add access policy on service account creation (#2649) * Add access policy on service account creation
2023-02-02 19:25:14 +01:00
.GetManyByGrantedProjectIdAsync(Arg.Is(AssertHelper.AssertPropertyEqual(id)));
[SM-390] Project Access Policies (#2507) The purpose of this PR is to create server endpoints for creating, reading, updating, and deleting access policies for projects.
2023-01-20 00:31:19 +01:00
Assert.Empty(result.GroupAccessPolicies);
Assert.NotEmpty(result.UserAccessPolicies);
Assert.Empty(result.ServiceAccountAccessPolicies);
}
[Theory]
[BitAutoData]
[SM-473] Access Policies - Service Accounts (#2658) * Add service account access policy endpoints * Add unit & integration tests for new endpoints * Fix formatting on response models * Cleanup unit tests
2023-02-07 21:30:22 +01:00
public async void GetProjectAccessPolicies_ProjectsExist_UserWithoutPermission_Throws(
[SM-429] Add permission checks to access policy endpoints (#2628) * Add permission checks to access policy endpoints * Fix unit tests * Add service account grant permission checks * Add service account grant tests * Add new endpoint unit tests * Cleanup unit tests add integration tests * User permission enum in create tests * Swap to NotFoundException for access checks * Add filter for potential grantees * Add in AccessSecretsManager check and test it * Add code review updates * Code review updates * Refactor potential grantees endpoint * Code review updates
2023-02-06 18:26:06 +01:00
SutProvider<AccessPoliciesController> sutProvider,
Guid id,
Project data,
UserProjectAccessPolicy resultAccessPolicy)
{
[SM-473] Access Policies - Service Accounts (#2658) * Add service account access policy endpoints * Add unit & integration tests for new endpoints * Fix formatting on response models * Cleanup unit tests
2023-02-07 21:30:22 +01:00
SetupUserWithoutPermission(sutProvider, data.OrganizationId);
sutProvider.GetDependency<IProjectRepository>().GetByIdAsync(default).ReturnsForAnyArgs(data);
sutProvider.GetDependency<IProjectRepository>().UserHasWriteAccessToProject(default, default)
.ReturnsForAnyArgs(false);
[SM-429] Add permission checks to access policy endpoints (#2628) * Add permission checks to access policy endpoints * Fix unit tests * Add service account grant permission checks * Add service account grant tests * Add new endpoint unit tests * Cleanup unit tests add integration tests * User permission enum in create tests * Swap to NotFoundException for access checks * Add filter for potential grantees * Add in AccessSecretsManager check and test it * Add code review updates * Code review updates * Refactor potential grantees endpoint * Code review updates
2023-02-06 18:26:06 +01:00
sutProvider.GetDependency<IAccessPolicyRepository>().GetManyByGrantedProjectIdAsync(default)
.ReturnsForAnyArgs(new List<BaseAccessPolicy> { resultAccessPolicy });
await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.GetProjectAccessPoliciesAsync(id));
await sutProvider.GetDependency<IAccessPolicyRepository>().DidNotReceiveWithAnyArgs()
.GetManyByGrantedProjectIdAsync(Arg.Any<Guid>());
}
[SM-473] Access Policies - Service Accounts (#2658) * Add service account access policy endpoints * Add unit & integration tests for new endpoints * Fix formatting on response models * Cleanup unit tests
2023-02-07 21:30:22 +01:00
[Theory]
[BitAutoData(PermissionType.RunAsAdmin)]
[BitAutoData(PermissionType.RunAsUserWithPermission)]
public async void GetServiceAccountAccessPolicies_ReturnsEmptyList(
PermissionType permissionType,
SutProvider<AccessPoliciesController> sutProvider,
Guid id, ServiceAccount data)
{
sutProvider.GetDependency<IServiceAccountRepository>().GetByIdAsync(data.Id).ReturnsForAnyArgs(data);
switch (permissionType)
{
case PermissionType.RunAsAdmin:
SetupAdmin(sutProvider, data.OrganizationId);
break;
case PermissionType.RunAsUserWithPermission:
SetupUserWithPermission(sutProvider, data.OrganizationId);
sutProvider.GetDependency<IServiceAccountRepository>()
.UserHasWriteAccessToServiceAccount(default, default)
.ReturnsForAnyArgs(true);
break;
}
var result = await sutProvider.Sut.GetServiceAccountAccessPoliciesAsync(id);
await sutProvider.GetDependency<IAccessPolicyRepository>().Received(1)
.GetManyByGrantedServiceAccountIdAsync(Arg.Is(AssertHelper.AssertPropertyEqual(id)));
Assert.Empty(result.UserAccessPolicies);
Assert.Empty(result.GroupAccessPolicies);
}
[Theory]
[BitAutoData]
public async void GetServiceAccountAccessPolicies_UserWithoutPermission_Throws(
SutProvider<AccessPoliciesController> sutProvider,
Guid id,
ServiceAccount data)
{
SetupUserWithoutPermission(sutProvider, data.OrganizationId);
sutProvider.GetDependency<IServiceAccountRepository>().GetByIdAsync(default).ReturnsForAnyArgs(data);
sutProvider.GetDependency<IServiceAccountRepository>().UserHasWriteAccessToServiceAccount(default, default)
.ReturnsForAnyArgs(false);
await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.GetServiceAccountAccessPoliciesAsync(id));
await sutProvider.GetDependency<IAccessPolicyRepository>().DidNotReceiveWithAnyArgs()
.GetManyByGrantedServiceAccountIdAsync(Arg.Any<Guid>());
}
[Theory]
[BitAutoData(PermissionType.RunAsAdmin)]
[BitAutoData(PermissionType.RunAsUserWithPermission)]
public async void GetServiceAccountAccessPolicies_Success(
PermissionType permissionType,
SutProvider<AccessPoliciesController> sutProvider,
Guid id,
ServiceAccount data,
UserServiceAccountAccessPolicy resultAccessPolicy)
{
sutProvider.GetDependency<IServiceAccountRepository>().GetByIdAsync(default).ReturnsForAnyArgs(data);
switch (permissionType)
{
case PermissionType.RunAsAdmin:
SetupAdmin(sutProvider, data.OrganizationId);
break;
case PermissionType.RunAsUserWithPermission:
SetupUserWithPermission(sutProvider, data.OrganizationId);
sutProvider.GetDependency<IServiceAccountRepository>()
.UserHasWriteAccessToServiceAccount(default, default)
.ReturnsForAnyArgs(true);
break;
}
sutProvider.GetDependency<IAccessPolicyRepository>().GetManyByGrantedServiceAccountIdAsync(default)
.ReturnsForAnyArgs(new List<BaseAccessPolicy> { resultAccessPolicy });
var result = await sutProvider.Sut.GetServiceAccountAccessPoliciesAsync(id);
await sutProvider.GetDependency<IAccessPolicyRepository>().Received(1)
.GetManyByGrantedServiceAccountIdAsync(Arg.Is(AssertHelper.AssertPropertyEqual(id)));
Assert.Empty(result.GroupAccessPolicies);
Assert.NotEmpty(result.UserAccessPolicies);
}
[Theory]
[BitAutoData]
public async void GetServiceAccountAccessPolicies_ServiceAccountExists_UserWithoutPermission_Throws(
SutProvider<AccessPoliciesController> sutProvider,
Guid id,
ServiceAccount data,
UserServiceAccountAccessPolicy resultAccessPolicy)
{
SetupUserWithoutPermission(sutProvider, data.OrganizationId);
sutProvider.GetDependency<IServiceAccountRepository>().GetByIdAsync(default).ReturnsForAnyArgs(data);
sutProvider.GetDependency<IServiceAccountRepository>().UserHasWriteAccessToServiceAccount(default, default)
.ReturnsForAnyArgs(false);
sutProvider.GetDependency<IAccessPolicyRepository>().GetManyByGrantedServiceAccountIdAsync(default)
.ReturnsForAnyArgs(new List<BaseAccessPolicy> { resultAccessPolicy });
await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.GetServiceAccountAccessPoliciesAsync(id));
await sutProvider.GetDependency<IAccessPolicyRepository>().DidNotReceiveWithAnyArgs()
.GetManyByGrantedServiceAccountIdAsync(Arg.Any<Guid>());
}
[SM-429] Add permission checks to access policy endpoints (#2628) * Add permission checks to access policy endpoints * Fix unit tests * Add service account grant permission checks * Add service account grant tests * Add new endpoint unit tests * Cleanup unit tests add integration tests * User permission enum in create tests * Swap to NotFoundException for access checks * Add filter for potential grantees * Add in AccessSecretsManager check and test it * Add code review updates * Code review updates * Refactor potential grantees endpoint * Code review updates
2023-02-06 18:26:06 +01:00
[Theory]
[BitAutoData]
[SM-473] Access Policies - Service Accounts (#2658) * Add service account access policy endpoints * Add unit & integration tests for new endpoints * Fix formatting on response models * Cleanup unit tests
2023-02-07 21:30:22 +01:00
public async void CreateProjectAccessPolicies_Success(
[SM-429] Add permission checks to access policy endpoints (#2628) * Add permission checks to access policy endpoints * Fix unit tests * Add service account grant permission checks * Add service account grant tests * Add new endpoint unit tests * Cleanup unit tests add integration tests * User permission enum in create tests * Swap to NotFoundException for access checks * Add filter for potential grantees * Add in AccessSecretsManager check and test it * Add code review updates * Code review updates * Refactor potential grantees endpoint * Code review updates
2023-02-06 18:26:06 +01:00
SutProvider<AccessPoliciesController> sutProvider,
Guid id,
UserProjectAccessPolicy data,
AccessPoliciesCreateRequest request)
[SM-390] Project Access Policies (#2507) The purpose of this PR is to create server endpoints for creating, reading, updating, and deleting access policies for projects.
2023-01-20 00:31:19 +01:00
{
[SM-429] Add permission checks to access policy endpoints (#2628) * Add permission checks to access policy endpoints * Fix unit tests * Add service account grant permission checks * Add service account grant tests * Add new endpoint unit tests * Cleanup unit tests add integration tests * User permission enum in create tests * Swap to NotFoundException for access checks * Add filter for potential grantees * Add in AccessSecretsManager check and test it * Add code review updates * Code review updates * Refactor potential grantees endpoint * Code review updates
2023-02-06 18:26:06 +01:00
sutProvider.GetDependency<IUserService>().GetProperUserId(default).ReturnsForAnyArgs(Guid.NewGuid());
sutProvider.GetDependency<ICreateAccessPoliciesCommand>().CreateForProjectAsync(default, default, default)
[SM-390] Project Access Policies (#2507) The purpose of this PR is to create server endpoints for creating, reading, updating, and deleting access policies for projects.
2023-01-20 00:31:19 +01:00
.ReturnsForAnyArgs(new List<BaseAccessPolicy> { data });
[SM-429] Add permission checks to access policy endpoints (#2628) * Add permission checks to access policy endpoints * Fix unit tests * Add service account grant permission checks * Add service account grant tests * Add new endpoint unit tests * Cleanup unit tests add integration tests * User permission enum in create tests * Swap to NotFoundException for access checks * Add filter for potential grantees * Add in AccessSecretsManager check and test it * Add code review updates * Code review updates * Refactor potential grantees endpoint * Code review updates
2023-02-06 18:26:06 +01:00
await sutProvider.Sut.CreateProjectAccessPoliciesAsync(id, request);
[SM-390] Project Access Policies (#2507) The purpose of this PR is to create server endpoints for creating, reading, updating, and deleting access policies for projects.
2023-01-20 00:31:19 +01:00
await sutProvider.GetDependency<ICreateAccessPoliciesCommand>().Received(1)
[SM-429] Add permission checks to access policy endpoints (#2628) * Add permission checks to access policy endpoints * Fix unit tests * Add service account grant permission checks * Add service account grant tests * Add new endpoint unit tests * Cleanup unit tests add integration tests * User permission enum in create tests * Swap to NotFoundException for access checks * Add filter for potential grantees * Add in AccessSecretsManager check and test it * Add code review updates * Code review updates * Refactor potential grantees endpoint * Code review updates
2023-02-06 18:26:06 +01:00
.CreateForProjectAsync(Arg.Any<Guid>(), Arg.Any<List<BaseAccessPolicy>>(), Arg.Any<Guid>());
[SM-390] Project Access Policies (#2507) The purpose of this PR is to create server endpoints for creating, reading, updating, and deleting access policies for projects.
2023-01-20 00:31:19 +01:00
}
[SM-473] Access Policies - Service Accounts (#2658) * Add service account access policy endpoints * Add unit & integration tests for new endpoints * Fix formatting on response models * Cleanup unit tests
2023-02-07 21:30:22 +01:00
[Theory]
[BitAutoData]
public async void CreateServiceAccountAccessPolicies_Success(
SutProvider<AccessPoliciesController> sutProvider,
Guid id,
UserServiceAccountAccessPolicy data,
AccessPoliciesCreateRequest request)
{
sutProvider.GetDependency<IUserService>().GetProperUserId(default).ReturnsForAnyArgs(Guid.NewGuid());
sutProvider.GetDependency<ICreateAccessPoliciesCommand>()
.CreateForServiceAccountAsync(default, default, default)
.ReturnsForAnyArgs(new List<BaseAccessPolicy> { data });
await sutProvider.Sut.CreateServiceAccountAccessPoliciesAsync(id, request);
await sutProvider.GetDependency<ICreateAccessPoliciesCommand>().Received(1)
.CreateForServiceAccountAsync(Arg.Any<Guid>(), Arg.Any<List<BaseAccessPolicy>>(), Arg.Any<Guid>());
}
[SM-390] Project Access Policies (#2507) The purpose of this PR is to create server endpoints for creating, reading, updating, and deleting access policies for projects.
2023-01-20 00:31:19 +01:00
[Theory]
[BitAutoData]
[SM-429] Add permission checks to access policy endpoints (#2628) * Add permission checks to access policy endpoints * Fix unit tests * Add service account grant permission checks * Add service account grant tests * Add new endpoint unit tests * Cleanup unit tests add integration tests * User permission enum in create tests * Swap to NotFoundException for access checks * Add filter for potential grantees * Add in AccessSecretsManager check and test it * Add code review updates * Code review updates * Refactor potential grantees endpoint * Code review updates
2023-02-06 18:26:06 +01:00
public async void UpdateAccessPolicies_Success(
SutProvider<AccessPoliciesController> sutProvider,
Guid id,
UserProjectAccessPolicy data,
AccessPolicyUpdateRequest request)
[SM-390] Project Access Policies (#2507) The purpose of this PR is to create server endpoints for creating, reading, updating, and deleting access policies for projects.
2023-01-20 00:31:19 +01:00
{
[SM-429] Add permission checks to access policy endpoints (#2628) * Add permission checks to access policy endpoints * Fix unit tests * Add service account grant permission checks * Add service account grant tests * Add new endpoint unit tests * Cleanup unit tests add integration tests * User permission enum in create tests * Swap to NotFoundException for access checks * Add filter for potential grantees * Add in AccessSecretsManager check and test it * Add code review updates * Code review updates * Refactor potential grantees endpoint * Code review updates
2023-02-06 18:26:06 +01:00
sutProvider.GetDependency<IUserService>().GetProperUserId(default).ReturnsForAnyArgs(Guid.NewGuid());
sutProvider.GetDependency<IUpdateAccessPolicyCommand>().UpdateAsync(default, default, default, default)
[SM-390] Project Access Policies (#2507) The purpose of this PR is to create server endpoints for creating, reading, updating, and deleting access policies for projects.
2023-01-20 00:31:19 +01:00
.ReturnsForAnyArgs(data);
[SM-429] Add permission checks to access policy endpoints (#2628) * Add permission checks to access policy endpoints * Fix unit tests * Add service account grant permission checks * Add service account grant tests * Add new endpoint unit tests * Cleanup unit tests add integration tests * User permission enum in create tests * Swap to NotFoundException for access checks * Add filter for potential grantees * Add in AccessSecretsManager check and test it * Add code review updates * Code review updates * Refactor potential grantees endpoint * Code review updates
2023-02-06 18:26:06 +01:00
await sutProvider.Sut.UpdateAccessPolicyAsync(id, request);
[SM-390] Project Access Policies (#2507) The purpose of this PR is to create server endpoints for creating, reading, updating, and deleting access policies for projects.
2023-01-20 00:31:19 +01:00
await sutProvider.GetDependency<IUpdateAccessPolicyCommand>().Received(1)
[SM-429] Add permission checks to access policy endpoints (#2628) * Add permission checks to access policy endpoints * Fix unit tests * Add service account grant permission checks * Add service account grant tests * Add new endpoint unit tests * Cleanup unit tests add integration tests * User permission enum in create tests * Swap to NotFoundException for access checks * Add filter for potential grantees * Add in AccessSecretsManager check and test it * Add code review updates * Code review updates * Refactor potential grantees endpoint * Code review updates
2023-02-06 18:26:06 +01:00
.UpdateAsync(Arg.Any<Guid>(), Arg.Is(request.Read), Arg.Is(request.Write), Arg.Any<Guid>());
[SM-390] Project Access Policies (#2507) The purpose of this PR is to create server endpoints for creating, reading, updating, and deleting access policies for projects.
2023-01-20 00:31:19 +01:00
}
[Theory]
[BitAutoData]
public async void DeleteAccessPolicies_Success(SutProvider<AccessPoliciesController> sutProvider, Guid id)
{
[SM-429] Add permission checks to access policy endpoints (#2628) * Add permission checks to access policy endpoints * Fix unit tests * Add service account grant permission checks * Add service account grant tests * Add new endpoint unit tests * Cleanup unit tests add integration tests * User permission enum in create tests * Swap to NotFoundException for access checks * Add filter for potential grantees * Add in AccessSecretsManager check and test it * Add code review updates * Code review updates * Refactor potential grantees endpoint * Code review updates
2023-02-06 18:26:06 +01:00
sutProvider.GetDependency<IUserService>().GetProperUserId(default).ReturnsForAnyArgs(Guid.NewGuid());
sutProvider.GetDependency<IDeleteAccessPolicyCommand>().DeleteAsync(default, default).ReturnsNull();
[SM-390] Project Access Policies (#2507) The purpose of this PR is to create server endpoints for creating, reading, updating, and deleting access policies for projects.
2023-01-20 00:31:19 +01:00
await sutProvider.Sut.DeleteAccessPolicyAsync(id);
[SM-429] Add permission checks to access policy endpoints (#2628) * Add permission checks to access policy endpoints * Fix unit tests * Add service account grant permission checks * Add service account grant tests * Add new endpoint unit tests * Cleanup unit tests add integration tests * User permission enum in create tests * Swap to NotFoundException for access checks * Add filter for potential grantees * Add in AccessSecretsManager check and test it * Add code review updates * Code review updates * Refactor potential grantees endpoint * Code review updates
2023-02-06 18:26:06 +01:00
[SM-390] Project Access Policies (#2507) The purpose of this PR is to create server endpoints for creating, reading, updating, and deleting access policies for projects.
2023-01-20 00:31:19 +01:00
await sutProvider.GetDependency<IDeleteAccessPolicyCommand>().Received(1)
[SM-429] Add permission checks to access policy endpoints (#2628) * Add permission checks to access policy endpoints * Fix unit tests * Add service account grant permission checks * Add service account grant tests * Add new endpoint unit tests * Cleanup unit tests add integration tests * User permission enum in create tests * Swap to NotFoundException for access checks * Add filter for potential grantees * Add in AccessSecretsManager check and test it * Add code review updates * Code review updates * Refactor potential grantees endpoint * Code review updates
2023-02-06 18:26:06 +01:00
.DeleteAsync(Arg.Any<Guid>(), Arg.Any<Guid>());
}
[Theory]
[BitAutoData(PermissionType.RunAsAdmin)]
[BitAutoData(PermissionType.RunAsUserWithPermission)]
[SM-473] Access Policies - Service Accounts (#2658) * Add service account access policy endpoints * Add unit & integration tests for new endpoints * Fix formatting on response models * Cleanup unit tests
2023-02-07 21:30:22 +01:00
public async void GetPeoplePotentialGrantees_ReturnsEmptyList(
[SM-429] Add permission checks to access policy endpoints (#2628) * Add permission checks to access policy endpoints * Fix unit tests * Add service account grant permission checks * Add service account grant tests * Add new endpoint unit tests * Cleanup unit tests add integration tests * User permission enum in create tests * Swap to NotFoundException for access checks * Add filter for potential grantees * Add in AccessSecretsManager check and test it * Add code review updates * Code review updates * Refactor potential grantees endpoint * Code review updates
2023-02-06 18:26:06 +01:00
PermissionType permissionType,
SutProvider<AccessPoliciesController> sutProvider,
Guid id)
{
[SM-473] Access Policies - Service Accounts (#2658) * Add service account access policy endpoints * Add unit & integration tests for new endpoints * Fix formatting on response models * Cleanup unit tests
2023-02-07 21:30:22 +01:00
SetupPermission(sutProvider, permissionType, id);
[SM-429] Add permission checks to access policy endpoints (#2628) * Add permission checks to access policy endpoints * Fix unit tests * Add service account grant permission checks * Add service account grant tests * Add new endpoint unit tests * Cleanup unit tests add integration tests * User permission enum in create tests * Swap to NotFoundException for access checks * Add filter for potential grantees * Add in AccessSecretsManager check and test it * Add code review updates * Code review updates * Refactor potential grantees endpoint * Code review updates
2023-02-06 18:26:06 +01:00
var result = await sutProvider.Sut.GetPeoplePotentialGranteesAsync(id);
await sutProvider.GetDependency<IGroupRepository>().Received(1)
.GetManyByOrganizationIdAsync(Arg.Is(AssertHelper.AssertPropertyEqual(id)));
await sutProvider.GetDependency<IOrganizationUserRepository>().Received(1)
.GetManyDetailsByOrganizationAsync(Arg.Is(AssertHelper.AssertPropertyEqual(id)));
Assert.Empty(result.Data);
}
[Theory]
[BitAutoData]
[SM-473] Access Policies - Service Accounts (#2658) * Add service account access policy endpoints * Add unit & integration tests for new endpoints * Fix formatting on response models * Cleanup unit tests
2023-02-07 21:30:22 +01:00
public async void GetPeoplePotentialGrantees_UserWithoutPermission_Throws(
[SM-429] Add permission checks to access policy endpoints (#2628) * Add permission checks to access policy endpoints * Fix unit tests * Add service account grant permission checks * Add service account grant tests * Add new endpoint unit tests * Cleanup unit tests add integration tests * User permission enum in create tests * Swap to NotFoundException for access checks * Add filter for potential grantees * Add in AccessSecretsManager check and test it * Add code review updates * Code review updates * Refactor potential grantees endpoint * Code review updates
2023-02-06 18:26:06 +01:00
SutProvider<AccessPoliciesController> sutProvider,
Guid id)
{
sutProvider.GetDependency<ICurrentContext>().OrganizationAdmin(id).Returns(false);
sutProvider.GetDependency<ICurrentContext>().AccessSecretsManager(default).ReturnsForAnyArgs(false);
sutProvider.GetDependency<IUserService>().GetProperUserId(default).ReturnsForAnyArgs(Guid.NewGuid());
await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.GetPeoplePotentialGranteesAsync(id));
await sutProvider.GetDependency<IGroupRepository>().DidNotReceiveWithAnyArgs()
.GetManyByOrganizationIdAsync(Arg.Any<Guid>());
await sutProvider.GetDependency<IOrganizationUserRepository>().DidNotReceiveWithAnyArgs()
.GetManyDetailsByOrganizationAsync(Arg.Any<Guid>());
await sutProvider.GetDependency<IServiceAccountRepository>().DidNotReceiveWithAnyArgs()
.GetManyByOrganizationIdWriteAccessAsync(Arg.Any<Guid>(), Arg.Any<Guid>(), Arg.Any<AccessClientType>());
}
[Theory]
[BitAutoData(PermissionType.RunAsAdmin)]
[BitAutoData(PermissionType.RunAsUserWithPermission)]
[SM-473] Access Policies - Service Accounts (#2658) * Add service account access policy endpoints * Add unit & integration tests for new endpoints * Fix formatting on response models * Cleanup unit tests
2023-02-07 21:30:22 +01:00
public async void GetPeoplePotentialGrantees_Success(
[SM-429] Add permission checks to access policy endpoints (#2628) * Add permission checks to access policy endpoints * Fix unit tests * Add service account grant permission checks * Add service account grant tests * Add new endpoint unit tests * Cleanup unit tests add integration tests * User permission enum in create tests * Swap to NotFoundException for access checks * Add filter for potential grantees * Add in AccessSecretsManager check and test it * Add code review updates * Code review updates * Refactor potential grantees endpoint * Code review updates
2023-02-06 18:26:06 +01:00
PermissionType permissionType,
SutProvider<AccessPoliciesController> sutProvider,
Guid id,
Group mockGroup)
{
[SM-473] Access Policies - Service Accounts (#2658) * Add service account access policy endpoints * Add unit & integration tests for new endpoints * Fix formatting on response models * Cleanup unit tests
2023-02-07 21:30:22 +01:00
SetupPermission(sutProvider, permissionType, id);
[SM-429] Add permission checks to access policy endpoints (#2628) * Add permission checks to access policy endpoints * Fix unit tests * Add service account grant permission checks * Add service account grant tests * Add new endpoint unit tests * Cleanup unit tests add integration tests * User permission enum in create tests * Swap to NotFoundException for access checks * Add filter for potential grantees * Add in AccessSecretsManager check and test it * Add code review updates * Code review updates * Refactor potential grantees endpoint * Code review updates
2023-02-06 18:26:06 +01:00
sutProvider.GetDependency<IGroupRepository>().GetManyByOrganizationIdAsync(default)
.ReturnsForAnyArgs(new List<Group> { mockGroup });
var result = await sutProvider.Sut.GetPeoplePotentialGranteesAsync(id);
await sutProvider.GetDependency<IGroupRepository>().Received(1)
.GetManyByOrganizationIdAsync(Arg.Is(AssertHelper.AssertPropertyEqual(id)));
await sutProvider.GetDependency<IOrganizationUserRepository>().Received(1)
.GetManyDetailsByOrganizationAsync(Arg.Is(AssertHelper.AssertPropertyEqual(id)));
Assert.NotEmpty(result.Data);
}
[Theory]
[BitAutoData(PermissionType.RunAsAdmin)]
[BitAutoData(PermissionType.RunAsUserWithPermission)]
[SM-473] Access Policies - Service Accounts (#2658) * Add service account access policy endpoints * Add unit & integration tests for new endpoints * Fix formatting on response models * Cleanup unit tests
2023-02-07 21:30:22 +01:00
public async void GetServiceAccountsPotentialGrantees_ReturnsEmptyList(
[SM-429] Add permission checks to access policy endpoints (#2628) * Add permission checks to access policy endpoints * Fix unit tests * Add service account grant permission checks * Add service account grant tests * Add new endpoint unit tests * Cleanup unit tests add integration tests * User permission enum in create tests * Swap to NotFoundException for access checks * Add filter for potential grantees * Add in AccessSecretsManager check and test it * Add code review updates * Code review updates * Refactor potential grantees endpoint * Code review updates
2023-02-06 18:26:06 +01:00
PermissionType permissionType,
SutProvider<AccessPoliciesController> sutProvider,
Guid id)
{
[SM-473] Access Policies - Service Accounts (#2658) * Add service account access policy endpoints * Add unit & integration tests for new endpoints * Fix formatting on response models * Cleanup unit tests
2023-02-07 21:30:22 +01:00
SetupPermission(sutProvider, permissionType, id);
[SM-429] Add permission checks to access policy endpoints (#2628) * Add permission checks to access policy endpoints * Fix unit tests * Add service account grant permission checks * Add service account grant tests * Add new endpoint unit tests * Cleanup unit tests add integration tests * User permission enum in create tests * Swap to NotFoundException for access checks * Add filter for potential grantees * Add in AccessSecretsManager check and test it * Add code review updates * Code review updates * Refactor potential grantees endpoint * Code review updates
2023-02-06 18:26:06 +01:00
var result = await sutProvider.Sut.GetServiceAccountsPotentialGranteesAsync(id);
await sutProvider.GetDependency<IServiceAccountRepository>().Received(1)
.GetManyByOrganizationIdWriteAccessAsync(Arg.Is(AssertHelper.AssertPropertyEqual(id)),
Arg.Is(AssertHelper.AssertPropertyEqual(id)),
Arg.Any<AccessClientType>());
Assert.Empty(result.Data);
}
[Theory]
[BitAutoData]
public async void GetServiceAccountsPotentialGranteesAsync_UserWithoutPermission_Throws(
SutProvider<AccessPoliciesController> sutProvider,
Guid id)
{
sutProvider.GetDependency<ICurrentContext>().OrganizationAdmin(id).Returns(false);
sutProvider.GetDependency<ICurrentContext>().AccessSecretsManager(default).ReturnsForAnyArgs(false);
sutProvider.GetDependency<IUserService>().GetProperUserId(default).ReturnsForAnyArgs(Guid.NewGuid());
await Assert.ThrowsAsync<NotFoundException>(() => sutProvider.Sut.GetServiceAccountsPotentialGranteesAsync(id));
await sutProvider.GetDependency<IServiceAccountRepository>().DidNotReceiveWithAnyArgs()
.GetManyByOrganizationIdWriteAccessAsync(Arg.Any<Guid>(), Arg.Any<Guid>(), Arg.Any<AccessClientType>());
}
[Theory]
[BitAutoData(PermissionType.RunAsAdmin)]
[BitAutoData(PermissionType.RunAsUserWithPermission)]
public async void GetServiceAccountsPotentialGranteesAsync_Success(
PermissionType permissionType,
SutProvider<AccessPoliciesController> sutProvider,
Guid id,
ServiceAccount mockServiceAccount)
{
[SM-473] Access Policies - Service Accounts (#2658) * Add service account access policy endpoints * Add unit & integration tests for new endpoints * Fix formatting on response models * Cleanup unit tests
2023-02-07 21:30:22 +01:00
SetupPermission(sutProvider, permissionType, id);
[SM-429] Add permission checks to access policy endpoints (#2628) * Add permission checks to access policy endpoints * Fix unit tests * Add service account grant permission checks * Add service account grant tests * Add new endpoint unit tests * Cleanup unit tests add integration tests * User permission enum in create tests * Swap to NotFoundException for access checks * Add filter for potential grantees * Add in AccessSecretsManager check and test it * Add code review updates * Code review updates * Refactor potential grantees endpoint * Code review updates
2023-02-06 18:26:06 +01:00
sutProvider.GetDependency<IServiceAccountRepository>().GetManyByOrganizationIdWriteAccessAsync(default, default, default)
[SM-473] Access Policies - Service Accounts (#2658) * Add service account access policy endpoints * Add unit & integration tests for new endpoints * Fix formatting on response models * Cleanup unit tests
2023-02-07 21:30:22 +01:00
.ReturnsForAnyArgs(new List<ServiceAccount> { mockServiceAccount });
[SM-429] Add permission checks to access policy endpoints (#2628) * Add permission checks to access policy endpoints * Fix unit tests * Add service account grant permission checks * Add service account grant tests * Add new endpoint unit tests * Cleanup unit tests add integration tests * User permission enum in create tests * Swap to NotFoundException for access checks * Add filter for potential grantees * Add in AccessSecretsManager check and test it * Add code review updates * Code review updates * Refactor potential grantees endpoint * Code review updates
2023-02-06 18:26:06 +01:00
var result = await sutProvider.Sut.GetServiceAccountsPotentialGranteesAsync(id);
await sutProvider.GetDependency<IServiceAccountRepository>().Received(1)
.GetManyByOrganizationIdWriteAccessAsync(Arg.Is(AssertHelper.AssertPropertyEqual(id)),
Arg.Is(AssertHelper.AssertPropertyEqual(id)),
Arg.Any<AccessClientType>());
Assert.NotEmpty(result.Data);
[SM-390] Project Access Policies (#2507) The purpose of this PR is to create server endpoints for creating, reading, updating, and deleting access policies for projects.
2023-01-20 00:31:19 +01:00
}
}
Reference in New Issue Copy Permalink