2023-01-31 18:38:53 +01:00
|
|
|
|
using Bit.Api.IntegrationTest.Factories;
|
|
|
|
|
using Bit.Api.IntegrationTest.Helpers;
|
2023-11-29 00:18:08 +01:00
|
|
|
|
using Bit.Core.AdminConsole.Entities;
|
2023-01-31 18:38:53 +01:00
|
|
|
|
using Bit.Core.Entities;
|
|
|
|
|
using Bit.Core.Enums;
|
|
|
|
|
using Bit.Core.Repositories;
|
2024-03-29 17:00:30 +01:00
|
|
|
|
using Bit.Core.SecretsManager.Commands.AccessTokens.Interfaces;
|
|
|
|
|
using Bit.Core.SecretsManager.Entities;
|
|
|
|
|
using Bit.Core.SecretsManager.Models.Data;
|
|
|
|
|
using Bit.Core.SecretsManager.Repositories;
|
2023-01-31 18:38:53 +01:00
|
|
|
|
|
2024-03-29 17:00:30 +01:00
|
|
|
|
namespace Bit.Api.IntegrationTest.SecretsManager.Helpers;
|
2023-01-31 18:38:53 +01:00
|
|
|
|
|
|
|
|
|
public class SecretsManagerOrganizationHelper
|
|
|
|
|
{
|
|
|
|
|
private readonly ApiApplicationFactory _factory;
|
|
|
|
|
private readonly string _ownerEmail;
|
|
|
|
|
private readonly IOrganizationRepository _organizationRepository;
|
|
|
|
|
private readonly IOrganizationUserRepository _organizationUserRepository;
|
2024-03-29 17:00:30 +01:00
|
|
|
|
private readonly IServiceAccountRepository _serviceAccountRepository;
|
|
|
|
|
private readonly ICreateAccessTokenCommand _createAccessTokenCommand;
|
2023-01-31 18:38:53 +01:00
|
|
|
|
|
2024-03-29 17:00:30 +01:00
|
|
|
|
private Organization _organization = null!;
|
|
|
|
|
private OrganizationUser _owner = null!;
|
2023-01-31 18:38:53 +01:00
|
|
|
|
|
|
|
|
|
public SecretsManagerOrganizationHelper(ApiApplicationFactory factory, string ownerEmail)
|
|
|
|
|
{
|
|
|
|
|
_factory = factory;
|
|
|
|
|
_organizationRepository = factory.GetService<IOrganizationRepository>();
|
|
|
|
|
_organizationUserRepository = factory.GetService<IOrganizationUserRepository>();
|
|
|
|
|
_ownerEmail = ownerEmail;
|
2024-03-29 17:00:30 +01:00
|
|
|
|
_serviceAccountRepository = factory.GetService<IServiceAccountRepository>();
|
|
|
|
|
_createAccessTokenCommand = factory.GetService<ICreateAccessTokenCommand>();
|
2023-01-31 18:38:53 +01:00
|
|
|
|
}
|
|
|
|
|
|
2023-10-16 16:29:02 +02:00
|
|
|
|
public async Task<(Organization organization, OrganizationUser owner)> Initialize(bool useSecrets, bool ownerAccessSecrets, bool organizationEnabled)
|
2023-01-31 18:38:53 +01:00
|
|
|
|
{
|
|
|
|
|
(_organization, _owner) = await OrganizationTestHelpers.SignUpAsync(_factory, ownerEmail: _ownerEmail, billingEmail: _ownerEmail);
|
|
|
|
|
|
2023-10-16 16:29:02 +02:00
|
|
|
|
if (useSecrets || !organizationEnabled)
|
2023-01-31 18:38:53 +01:00
|
|
|
|
{
|
2023-10-16 16:29:02 +02:00
|
|
|
|
if (useSecrets)
|
|
|
|
|
{
|
|
|
|
|
_organization.UseSecretsManager = true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!organizationEnabled)
|
|
|
|
|
{
|
|
|
|
|
_organization.Enabled = false;
|
|
|
|
|
}
|
|
|
|
|
|
2023-01-31 18:38:53 +01:00
|
|
|
|
await _organizationRepository.ReplaceAsync(_organization);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (ownerAccessSecrets)
|
|
|
|
|
{
|
|
|
|
|
_owner.AccessSecretsManager = ownerAccessSecrets;
|
|
|
|
|
await _organizationUserRepository.ReplaceAsync(_owner);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (_organization, _owner);
|
|
|
|
|
}
|
|
|
|
|
|
2023-10-27 18:13:52 +02:00
|
|
|
|
public async Task<Organization> CreateSmOrganizationAsync()
|
|
|
|
|
{
|
|
|
|
|
var email = $"integration-test{Guid.NewGuid()}@bitwarden.com";
|
|
|
|
|
await _factory.LoginWithNewAccount(email);
|
2024-03-29 17:00:30 +01:00
|
|
|
|
var (organization, _) = await OrganizationTestHelpers.SignUpAsync(_factory, ownerEmail: email, billingEmail: email);
|
2023-10-27 18:13:52 +02:00
|
|
|
|
return organization;
|
|
|
|
|
}
|
|
|
|
|
|
2023-01-31 18:38:53 +01:00
|
|
|
|
public async Task<(string email, OrganizationUser orgUser)> CreateNewUser(OrganizationUserType userType, bool accessSecrets)
|
|
|
|
|
{
|
|
|
|
|
var email = $"integration-test{Guid.NewGuid()}@bitwarden.com";
|
|
|
|
|
await _factory.LoginWithNewAccount(email);
|
|
|
|
|
var orgUser = await OrganizationTestHelpers.CreateUserAsync(_factory, _organization.Id, email, userType, accessSecrets);
|
|
|
|
|
|
|
|
|
|
return (email, orgUser);
|
|
|
|
|
}
|
2024-03-29 17:00:30 +01:00
|
|
|
|
|
|
|
|
|
public async Task<ApiKeyClientSecretDetails> CreateNewServiceAccountApiKeyAsync()
|
|
|
|
|
{
|
|
|
|
|
var serviceAccountId = Guid.NewGuid();
|
|
|
|
|
var serviceAccount = new ServiceAccount
|
|
|
|
|
{
|
|
|
|
|
Id = serviceAccountId,
|
|
|
|
|
OrganizationId = _organization.Id,
|
|
|
|
|
Name = $"integration-test-{serviceAccountId}sa",
|
|
|
|
|
CreationDate = DateTime.UtcNow,
|
|
|
|
|
RevisionDate = DateTime.UtcNow
|
|
|
|
|
};
|
|
|
|
|
await _serviceAccountRepository.CreateAsync(serviceAccount);
|
|
|
|
|
|
|
|
|
|
var apiKey = new ApiKey
|
|
|
|
|
{
|
|
|
|
|
ServiceAccountId = serviceAccountId,
|
|
|
|
|
Name = "integration-token",
|
|
|
|
|
Key = Guid.NewGuid().ToString(),
|
|
|
|
|
ExpireAt = null,
|
|
|
|
|
Scope = "[\"api.secrets\"]",
|
|
|
|
|
EncryptedPayload = Guid.NewGuid().ToString()
|
|
|
|
|
};
|
|
|
|
|
return await _createAccessTokenCommand.CreateAsync(apiKey);
|
|
|
|
|
}
|
2023-01-31 18:38:53 +01:00
|
|
|
|
}
|