mirror of
https://github.com/bitwarden/server.git
synced 2024-11-25 12:45:18 +01:00
[SM-713] Add database support for secret access policies (#3681)
* mssql add column and migration * Add secret access policies to EF models and config * Clear new access policies on service account delete * Add SM cleanup code on delete * Fix EF org user bulk delete * Run EF migrations
This commit is contained in:
parent
374b59bcfb
commit
1499d1e2c6
@ -84,22 +84,29 @@ public class ServiceAccountRepository : Repository<Core.SecretsManager.Entities.
|
||||
|
||||
public async Task DeleteManyByIdAsync(IEnumerable<Guid> ids)
|
||||
{
|
||||
var targetIds = ids.ToList();
|
||||
using var scope = ServiceScopeFactory.CreateScope();
|
||||
var dbContext = GetDatabaseContext(scope);
|
||||
|
||||
await using var transaction = await dbContext.Database.BeginTransactionAsync();
|
||||
|
||||
// Policies can't have a cascade delete, so we need to delete them manually.
|
||||
var policies = dbContext.AccessPolicies.Where(ap =>
|
||||
((ServiceAccountProjectAccessPolicy)ap).ServiceAccountId.HasValue && ids.Contains(((ServiceAccountProjectAccessPolicy)ap).ServiceAccountId!.Value) ||
|
||||
((GroupServiceAccountAccessPolicy)ap).GrantedServiceAccountId.HasValue && ids.Contains(((GroupServiceAccountAccessPolicy)ap).GrantedServiceAccountId!.Value) ||
|
||||
((UserServiceAccountAccessPolicy)ap).GrantedServiceAccountId.HasValue && ids.Contains(((UserServiceAccountAccessPolicy)ap).GrantedServiceAccountId!.Value));
|
||||
dbContext.RemoveRange(policies);
|
||||
await dbContext.AccessPolicies.Where(ap =>
|
||||
targetIds.Contains(((ServiceAccountProjectAccessPolicy)ap).ServiceAccountId!.Value) ||
|
||||
targetIds.Contains(((ServiceAccountSecretAccessPolicy)ap).ServiceAccountId!.Value) ||
|
||||
targetIds.Contains(((GroupServiceAccountAccessPolicy)ap).GrantedServiceAccountId!.Value) ||
|
||||
targetIds.Contains(((UserServiceAccountAccessPolicy)ap).GrantedServiceAccountId!.Value))
|
||||
.ExecuteDeleteAsync();
|
||||
|
||||
var apiKeys = dbContext.ApiKeys.Where(a => a.ServiceAccountId.HasValue && ids.Contains(a.ServiceAccountId!.Value));
|
||||
dbContext.RemoveRange(apiKeys);
|
||||
await dbContext.ApiKeys
|
||||
.Where(a => targetIds.Contains(a.ServiceAccountId!.Value))
|
||||
.ExecuteDeleteAsync();
|
||||
|
||||
var serviceAccounts = dbContext.ServiceAccount.Where(c => ids.Contains(c.Id));
|
||||
dbContext.RemoveRange(serviceAccounts);
|
||||
await dbContext.SaveChangesAsync();
|
||||
await dbContext.ServiceAccount
|
||||
.Where(c => targetIds.Contains(c.Id))
|
||||
.ExecuteDeleteAsync();
|
||||
|
||||
await transaction.CommitAsync();
|
||||
}
|
||||
|
||||
public async Task<(bool Read, bool Write)> AccessToServiceAccountAsync(Guid id, Guid userId,
|
||||
|
@ -38,6 +38,14 @@ public class UserServiceAccountAccessPolicy : BaseAccessPolicy
|
||||
public ServiceAccount? GrantedServiceAccount { get; set; }
|
||||
}
|
||||
|
||||
public class UserSecretAccessPolicy : BaseAccessPolicy
|
||||
{
|
||||
public Guid? OrganizationUserId { get; set; }
|
||||
public User? User { get; set; }
|
||||
public Guid? GrantedSecretId { get; set; }
|
||||
public Secret? GrantedSecret { get; set; }
|
||||
}
|
||||
|
||||
public class GroupProjectAccessPolicy : BaseAccessPolicy
|
||||
{
|
||||
public Guid? GroupId { get; set; }
|
||||
@ -56,6 +64,15 @@ public class GroupServiceAccountAccessPolicy : BaseAccessPolicy
|
||||
public ServiceAccount? GrantedServiceAccount { get; set; }
|
||||
}
|
||||
|
||||
public class GroupSecretAccessPolicy : BaseAccessPolicy
|
||||
{
|
||||
public Guid? GroupId { get; set; }
|
||||
public Group? Group { get; set; }
|
||||
public bool? CurrentUserInGroup { get; set; }
|
||||
public Guid? GrantedSecretId { get; set; }
|
||||
public Secret? GrantedSecret { get; set; }
|
||||
}
|
||||
|
||||
public class ServiceAccountProjectAccessPolicy : BaseAccessPolicy
|
||||
{
|
||||
public Guid? ServiceAccountId { get; set; }
|
||||
@ -63,3 +80,11 @@ public class ServiceAccountProjectAccessPolicy : BaseAccessPolicy
|
||||
public Guid? GrantedProjectId { get; set; }
|
||||
public Project? GrantedProject { get; set; }
|
||||
}
|
||||
|
||||
public class ServiceAccountSecretAccessPolicy : BaseAccessPolicy
|
||||
{
|
||||
public Guid? ServiceAccountId { get; set; }
|
||||
public ServiceAccount? ServiceAccount { get; set; }
|
||||
public Guid? GrantedSecretId { get; set; }
|
||||
public Secret? GrantedSecret { get; set; }
|
||||
}
|
||||
|
@ -180,6 +180,8 @@ public class OrganizationRepository : Repository<Core.AdminConsole.Entities.Orga
|
||||
.ExecuteDeleteAsync();
|
||||
await dbContext.UserServiceAccountAccessPolicy.Where(ap => ap.OrganizationUser.OrganizationId == organization.Id)
|
||||
.ExecuteDeleteAsync();
|
||||
await dbContext.UserSecretAccessPolicy.Where(ap => ap.OrganizationUser.OrganizationId == organization.Id)
|
||||
.ExecuteDeleteAsync();
|
||||
await dbContext.OrganizationUsers.Where(ou => ou.OrganizationId == organization.Id)
|
||||
.ExecuteDeleteAsync();
|
||||
await dbContext.ProviderOrganizations.Where(po => po.OrganizationId == organization.Id)
|
||||
|
@ -100,6 +100,8 @@ public class OrganizationUserRepository : Repository<Core.Entities.OrganizationU
|
||||
dbContext.UserProjectAccessPolicy.Where(ap => ap.OrganizationUserId == organizationUserId));
|
||||
dbContext.UserServiceAccountAccessPolicy.RemoveRange(
|
||||
dbContext.UserServiceAccountAccessPolicy.Where(ap => ap.OrganizationUserId == organizationUserId));
|
||||
dbContext.UserSecretAccessPolicy.RemoveRange(
|
||||
dbContext.UserSecretAccessPolicy.Where(ap => ap.OrganizationUserId == organizationUserId));
|
||||
|
||||
var orgSponsorships = await dbContext.OrganizationSponsorships
|
||||
.Where(os => os.SponsoringOrganizationUserId == organizationUserId)
|
||||
@ -117,18 +119,36 @@ public class OrganizationUserRepository : Repository<Core.Entities.OrganizationU
|
||||
|
||||
public async Task DeleteManyAsync(IEnumerable<Guid> organizationUserIds)
|
||||
{
|
||||
using (var scope = ServiceScopeFactory.CreateScope())
|
||||
{
|
||||
var targetOrganizationUserIds = organizationUserIds.ToList();
|
||||
using var scope = ServiceScopeFactory.CreateScope();
|
||||
var dbContext = GetDatabaseContext(scope);
|
||||
await dbContext.UserBumpAccountRevisionDateByOrganizationUserIdsAsync(organizationUserIds);
|
||||
var entities = await dbContext.OrganizationUsers
|
||||
// TODO: Does this work?
|
||||
.Where(ou => organizationUserIds.Contains(ou.Id))
|
||||
.ToListAsync();
|
||||
|
||||
dbContext.OrganizationUsers.RemoveRange(entities);
|
||||
var transaction = await dbContext.Database.BeginTransactionAsync();
|
||||
await dbContext.UserBumpAccountRevisionDateByOrganizationUserIdsAsync(targetOrganizationUserIds);
|
||||
|
||||
await dbContext.CollectionUsers
|
||||
.Where(cu => targetOrganizationUserIds.Contains(cu.OrganizationUserId))
|
||||
.ExecuteDeleteAsync();
|
||||
|
||||
await dbContext.GroupUsers
|
||||
.Where(gu => targetOrganizationUserIds.Contains(gu.OrganizationUserId))
|
||||
.ExecuteDeleteAsync();
|
||||
|
||||
await dbContext.UserProjectAccessPolicy
|
||||
.Where(ap => targetOrganizationUserIds.Contains(ap.OrganizationUserId!.Value))
|
||||
.ExecuteDeleteAsync();
|
||||
await dbContext.UserServiceAccountAccessPolicy
|
||||
.Where(ap => targetOrganizationUserIds.Contains(ap.OrganizationUserId!.Value))
|
||||
.ExecuteDeleteAsync();
|
||||
await dbContext.UserSecretAccessPolicy
|
||||
.Where(ap => targetOrganizationUserIds.Contains(ap.OrganizationUserId!.Value))
|
||||
.ExecuteDeleteAsync();
|
||||
|
||||
await dbContext.OrganizationUsers
|
||||
.Where(ou => targetOrganizationUserIds.Contains(ou.Id)).ExecuteDeleteAsync();
|
||||
|
||||
await dbContext.SaveChangesAsync();
|
||||
}
|
||||
await transaction.CommitAsync();
|
||||
}
|
||||
|
||||
public async Task<Tuple<Core.Entities.OrganizationUser, ICollection<CollectionAccessSelection>>> GetByIdWithCollectionsAsync(Guid id)
|
||||
|
@ -27,6 +27,9 @@ public class DatabaseContext : DbContext
|
||||
public DbSet<ServiceAccountProjectAccessPolicy> ServiceAccountProjectAccessPolicy { get; set; }
|
||||
public DbSet<UserServiceAccountAccessPolicy> UserServiceAccountAccessPolicy { get; set; }
|
||||
public DbSet<GroupServiceAccountAccessPolicy> GroupServiceAccountAccessPolicy { get; set; }
|
||||
public DbSet<UserSecretAccessPolicy> UserSecretAccessPolicy { get; set; }
|
||||
public DbSet<GroupSecretAccessPolicy> GroupSecretAccessPolicy { get; set; }
|
||||
public DbSet<ServiceAccountSecretAccessPolicy> ServiceAccountSecretAccessPolicy { get; set; }
|
||||
public DbSet<ApiKey> ApiKeys { get; set; }
|
||||
public DbSet<Cipher> Ciphers { get; set; }
|
||||
public DbSet<Collection> Collections { get; set; }
|
||||
|
@ -13,9 +13,12 @@ public class AccessPolicyEntityTypeConfiguration : IEntityTypeConfiguration<Acce
|
||||
.HasDiscriminator<string>("Discriminator")
|
||||
.HasValue<UserProjectAccessPolicy>(AccessPolicyDiscriminator.UserProject)
|
||||
.HasValue<UserServiceAccountAccessPolicy>(AccessPolicyDiscriminator.UserServiceAccount)
|
||||
.HasValue<UserSecretAccessPolicy>(AccessPolicyDiscriminator.UserSecret)
|
||||
.HasValue<GroupProjectAccessPolicy>(AccessPolicyDiscriminator.GroupProject)
|
||||
.HasValue<GroupServiceAccountAccessPolicy>(AccessPolicyDiscriminator.GroupServiceAccount)
|
||||
.HasValue<ServiceAccountProjectAccessPolicy>(AccessPolicyDiscriminator.ServiceAccountProject);
|
||||
.HasValue<GroupSecretAccessPolicy>(AccessPolicyDiscriminator.GroupSecret)
|
||||
.HasValue<ServiceAccountProjectAccessPolicy>(AccessPolicyDiscriminator.ServiceAccountProject)
|
||||
.HasValue<ServiceAccountSecretAccessPolicy>(AccessPolicyDiscriminator.ServiceAccountSecret);
|
||||
|
||||
builder
|
||||
.Property(s => s.Id)
|
||||
@ -63,6 +66,26 @@ public class UserServiceAccountAccessPolicyEntityTypeConfiguration : IEntityType
|
||||
}
|
||||
}
|
||||
|
||||
public class UserSecretAccessPolicyEntityTypeConfiguration : IEntityTypeConfiguration<UserSecretAccessPolicy>
|
||||
{
|
||||
public void Configure(EntityTypeBuilder<UserSecretAccessPolicy> builder)
|
||||
{
|
||||
builder
|
||||
.Property(e => e.OrganizationUserId)
|
||||
.HasColumnName(nameof(UserSecretAccessPolicy.OrganizationUserId));
|
||||
|
||||
builder
|
||||
.Property(e => e.GrantedSecretId)
|
||||
.HasColumnName(nameof(UserSecretAccessPolicy.GrantedSecretId));
|
||||
|
||||
builder
|
||||
.HasOne(e => e.GrantedSecret)
|
||||
.WithMany(e => e.UserAccessPolicies)
|
||||
.HasForeignKey(nameof(UserSecretAccessPolicy.GrantedSecretId))
|
||||
.OnDelete(DeleteBehavior.Cascade);
|
||||
}
|
||||
}
|
||||
|
||||
public class GroupProjectAccessPolicyEntityTypeConfiguration : IEntityTypeConfiguration<GroupProjectAccessPolicy>
|
||||
{
|
||||
public void Configure(EntityTypeBuilder<GroupProjectAccessPolicy> builder)
|
||||
@ -109,6 +132,32 @@ public class GroupServiceAccountAccessPolicyEntityTypeConfiguration : IEntityTyp
|
||||
}
|
||||
}
|
||||
|
||||
public class GroupSecretAccessPolicyEntityTypeConfiguration : IEntityTypeConfiguration<GroupSecretAccessPolicy>
|
||||
{
|
||||
public void Configure(EntityTypeBuilder<GroupSecretAccessPolicy> builder)
|
||||
{
|
||||
builder
|
||||
.Property(e => e.GroupId)
|
||||
.HasColumnName(nameof(GroupSecretAccessPolicy.GroupId));
|
||||
|
||||
builder
|
||||
.Property(e => e.GrantedSecretId)
|
||||
.HasColumnName(nameof(GroupSecretAccessPolicy.GrantedSecretId));
|
||||
|
||||
builder
|
||||
.HasOne(e => e.GrantedSecret)
|
||||
.WithMany(e => e.GroupAccessPolicies)
|
||||
.HasForeignKey(nameof(GroupSecretAccessPolicy.GrantedSecretId))
|
||||
.OnDelete(DeleteBehavior.Cascade);
|
||||
|
||||
builder
|
||||
.HasOne(e => e.Group)
|
||||
.WithMany()
|
||||
.HasForeignKey(nameof(GroupSecretAccessPolicy.GroupId))
|
||||
.OnDelete(DeleteBehavior.Cascade);
|
||||
}
|
||||
}
|
||||
|
||||
public class ServiceAccountProjectAccessPolicyEntityTypeConfiguration : IEntityTypeConfiguration<ServiceAccountProjectAccessPolicy>
|
||||
{
|
||||
public void Configure(EntityTypeBuilder<ServiceAccountProjectAccessPolicy> builder)
|
||||
@ -128,3 +177,23 @@ public class ServiceAccountProjectAccessPolicyEntityTypeConfiguration : IEntityT
|
||||
.OnDelete(DeleteBehavior.Cascade);
|
||||
}
|
||||
}
|
||||
|
||||
public class ServiceAccountSecretAccessPolicyEntityTypeConfiguration : IEntityTypeConfiguration<ServiceAccountSecretAccessPolicy>
|
||||
{
|
||||
public void Configure(EntityTypeBuilder<ServiceAccountSecretAccessPolicy> builder)
|
||||
{
|
||||
builder
|
||||
.Property(e => e.ServiceAccountId)
|
||||
.HasColumnName(nameof(ServiceAccountSecretAccessPolicy.ServiceAccountId));
|
||||
|
||||
builder
|
||||
.Property(e => e.GrantedSecretId)
|
||||
.HasColumnName(nameof(ServiceAccountSecretAccessPolicy.GrantedSecretId));
|
||||
|
||||
builder
|
||||
.HasOne(e => e.GrantedSecret)
|
||||
.WithMany(e => e.ServiceAccountAccessPolicies)
|
||||
.HasForeignKey(nameof(ServiceAccountSecretAccessPolicy.GrantedSecretId))
|
||||
.OnDelete(DeleteBehavior.Cascade);
|
||||
}
|
||||
}
|
||||
|
@ -4,8 +4,10 @@ public static class AccessPolicyDiscriminator
|
||||
{
|
||||
public const string UserProject = "user_project";
|
||||
public const string UserServiceAccount = "user_service_account";
|
||||
public const string UserSecret = "user_secret";
|
||||
public const string GroupProject = "group_project";
|
||||
public const string GroupServiceAccount = "group_service_account";
|
||||
public const string GroupSecret = "group_secret";
|
||||
public const string ServiceAccountProject = "service_account_project";
|
||||
|
||||
public const string ServiceAccountSecret = "service_account_secret";
|
||||
}
|
||||
|
@ -24,6 +24,12 @@ public class AccessPolicyMapperProfile : Profile
|
||||
.ReverseMap()
|
||||
.ForMember(dst => dst.User, opt => opt.MapFrom(src => src.OrganizationUser.User));
|
||||
|
||||
CreateMap<Core.SecretsManager.Entities.UserSecretAccessPolicy, UserSecretAccessPolicy>()
|
||||
.ForMember(dst => dst.GrantedSecret, opt => opt.Ignore())
|
||||
.ForMember(dst => dst.OrganizationUser, opt => opt.Ignore())
|
||||
.ReverseMap()
|
||||
.ForMember(dst => dst.User, opt => opt.MapFrom(src => src.OrganizationUser.User));
|
||||
|
||||
CreateMap<Core.SecretsManager.Entities.GroupProjectAccessPolicy, GroupProjectAccessPolicy>()
|
||||
.ForMember(dst => dst.GrantedProject, opt => opt.Ignore())
|
||||
.ForMember(dst => dst.Group, opt => opt.Ignore())
|
||||
@ -34,10 +40,20 @@ public class AccessPolicyMapperProfile : Profile
|
||||
.ForMember(dst => dst.Group, opt => opt.Ignore())
|
||||
.ReverseMap();
|
||||
|
||||
CreateMap<Core.SecretsManager.Entities.GroupSecretAccessPolicy, GroupSecretAccessPolicy>()
|
||||
.ForMember(dst => dst.GrantedSecret, opt => opt.Ignore())
|
||||
.ForMember(dst => dst.Group, opt => opt.Ignore())
|
||||
.ReverseMap();
|
||||
|
||||
CreateMap<Core.SecretsManager.Entities.ServiceAccountProjectAccessPolicy, ServiceAccountProjectAccessPolicy>()
|
||||
.ForMember(dst => dst.GrantedProject, opt => opt.Ignore())
|
||||
.ForMember(dst => dst.ServiceAccount, opt => opt.Ignore())
|
||||
.ReverseMap();
|
||||
|
||||
CreateMap<Core.SecretsManager.Entities.ServiceAccountSecretAccessPolicy, ServiceAccountSecretAccessPolicy>()
|
||||
.ForMember(dst => dst.GrantedSecret, opt => opt.Ignore())
|
||||
.ForMember(dst => dst.ServiceAccount, opt => opt.Ignore())
|
||||
.ReverseMap();
|
||||
}
|
||||
}
|
||||
|
||||
@ -61,6 +77,14 @@ public class UserServiceAccountAccessPolicy : AccessPolicy
|
||||
public virtual ServiceAccount GrantedServiceAccount { get; set; }
|
||||
}
|
||||
|
||||
public class UserSecretAccessPolicy : AccessPolicy
|
||||
{
|
||||
public Guid? OrganizationUserId { get; set; }
|
||||
public virtual OrganizationUser OrganizationUser { get; set; }
|
||||
public Guid? GrantedSecretId { get; set; }
|
||||
public virtual Secret GrantedSecret { get; set; }
|
||||
}
|
||||
|
||||
public class GroupProjectAccessPolicy : AccessPolicy
|
||||
{
|
||||
public Guid? GroupId { get; set; }
|
||||
@ -77,6 +101,14 @@ public class GroupServiceAccountAccessPolicy : AccessPolicy
|
||||
public virtual ServiceAccount GrantedServiceAccount { get; set; }
|
||||
}
|
||||
|
||||
public class GroupSecretAccessPolicy : AccessPolicy
|
||||
{
|
||||
public Guid? GroupId { get; set; }
|
||||
public virtual Group Group { get; set; }
|
||||
public Guid? GrantedSecretId { get; set; }
|
||||
public virtual Secret GrantedSecret { get; set; }
|
||||
}
|
||||
|
||||
public class ServiceAccountProjectAccessPolicy : AccessPolicy
|
||||
{
|
||||
public Guid? ServiceAccountId { get; set; }
|
||||
@ -84,3 +116,12 @@ public class ServiceAccountProjectAccessPolicy : AccessPolicy
|
||||
public Guid? GrantedProjectId { get; set; }
|
||||
public virtual Project GrantedProject { get; set; }
|
||||
}
|
||||
|
||||
public class ServiceAccountSecretAccessPolicy : AccessPolicy
|
||||
{
|
||||
public Guid? ServiceAccountId { get; set; }
|
||||
public virtual ServiceAccount ServiceAccount { get; set; }
|
||||
public Guid? GrantedSecretId { get; set; }
|
||||
public virtual Secret GrantedSecret { get; set; }
|
||||
}
|
||||
|
||||
|
@ -5,8 +5,11 @@ namespace Bit.Infrastructure.EntityFramework.SecretsManager.Models;
|
||||
|
||||
public class Secret : Core.SecretsManager.Entities.Secret
|
||||
{
|
||||
public virtual new ICollection<Project> Projects { get; set; }
|
||||
public new virtual ICollection<Project> Projects { get; set; }
|
||||
public virtual Organization Organization { get; set; }
|
||||
public virtual ICollection<UserSecretAccessPolicy> UserAccessPolicies { get; set; }
|
||||
public virtual ICollection<GroupSecretAccessPolicy> GroupAccessPolicies { get; set; }
|
||||
public virtual ICollection<ServiceAccountSecretAccessPolicy> ServiceAccountAccessPolicies { get; set; }
|
||||
}
|
||||
|
||||
public class SecretMapperProfile : Profile
|
||||
|
@ -1,4 +1,5 @@
|
||||
CREATE TABLE [AccessPolicy] (
|
||||
CREATE TABLE [dbo].[AccessPolicy]
|
||||
(
|
||||
[Id] UNIQUEIDENTIFIER NOT NULL,
|
||||
[Discriminator] NVARCHAR (50) NOT NULL,
|
||||
[OrganizationUserId] UNIQUEIDENTIFIER NULL,
|
||||
@ -10,25 +11,30 @@
|
||||
[Write] BIT NOT NULL,
|
||||
[CreationDate] DATETIME2 NOT NULL,
|
||||
[RevisionDate] DATETIME2 NOT NULL,
|
||||
CONSTRAINT [PK_AccessPolicy] PRIMARY KEY CLUSTERED ([Id]),
|
||||
CONSTRAINT [FK_AccessPolicy_Group_GroupId] FOREIGN KEY ([GroupId]) REFERENCES [Group] ([Id]) ON DELETE CASCADE,
|
||||
CONSTRAINT [FK_AccessPolicy_OrganizationUser_OrganizationUserId] FOREIGN KEY ([OrganizationUserId]) REFERENCES [OrganizationUser] ([Id]),
|
||||
CONSTRAINT [FK_AccessPolicy_Project_GrantedProjectId] FOREIGN KEY ([GrantedProjectId]) REFERENCES [Project] ([Id]) ON DELETE CASCADE,
|
||||
CONSTRAINT [FK_AccessPolicy_ServiceAccount_GrantedServiceAccountId] FOREIGN KEY ([GrantedServiceAccountId]) REFERENCES [ServiceAccount] ([Id]),
|
||||
CONSTRAINT [FK_AccessPolicy_ServiceAccount_ServiceAccountId] FOREIGN KEY ([ServiceAccountId]) REFERENCES [ServiceAccount] ([Id])
|
||||
[GrantedSecretId] UNIQUEIDENTIFIER NULL,
|
||||
CONSTRAINT [PK_AccessPolicy] PRIMARY KEY CLUSTERED ([Id] ASC),
|
||||
CONSTRAINT [FK_AccessPolicy_Group_GroupId] FOREIGN KEY ([GroupId]) REFERENCES [dbo].[Group] ([Id]) ON DELETE CASCADE,
|
||||
CONSTRAINT [FK_AccessPolicy_OrganizationUser_OrganizationUserId] FOREIGN KEY ([OrganizationUserId]) REFERENCES [dbo].[OrganizationUser] ([Id]),
|
||||
CONSTRAINT [FK_AccessPolicy_Project_GrantedProjectId] FOREIGN KEY ([GrantedProjectId]) REFERENCES [dbo].[Project] ([Id]) ON DELETE CASCADE,
|
||||
CONSTRAINT [FK_AccessPolicy_ServiceAccount_GrantedServiceAccountId] FOREIGN KEY ([GrantedServiceAccountId]) REFERENCES [dbo].[ServiceAccount] ([Id]),
|
||||
CONSTRAINT [FK_AccessPolicy_ServiceAccount_ServiceAccountId] FOREIGN KEY ([ServiceAccountId]) REFERENCES [dbo].[ServiceAccount] ([Id]),
|
||||
CONSTRAINT [FK_AccessPolicy_Secret_GrantedSecretId] FOREIGN KEY ([GrantedSecretId]) REFERENCES [dbo].[Secret] ([Id]) ON DELETE CASCADE
|
||||
);
|
||||
|
||||
GO
|
||||
CREATE NONCLUSTERED INDEX [IX_AccessPolicy_GroupId] ON [AccessPolicy] ([GroupId]);
|
||||
CREATE NONCLUSTERED INDEX [IX_AccessPolicy_GroupId] ON [dbo].[AccessPolicy]([GroupId] ASC);
|
||||
|
||||
GO
|
||||
CREATE NONCLUSTERED INDEX [IX_AccessPolicy_OrganizationUserId] ON [AccessPolicy] ([OrganizationUserId]);
|
||||
CREATE NONCLUSTERED INDEX [IX_AccessPolicy_OrganizationUserId] ON [dbo].[AccessPolicy]([OrganizationUserId] ASC);
|
||||
|
||||
GO
|
||||
CREATE NONCLUSTERED INDEX [IX_AccessPolicy_GrantedProjectId] ON [AccessPolicy] ([GrantedProjectId]);
|
||||
CREATE NONCLUSTERED INDEX [IX_AccessPolicy_GrantedProjectId] ON [dbo].[AccessPolicy]([GrantedProjectId] ASC);
|
||||
|
||||
GO
|
||||
CREATE NONCLUSTERED INDEX [IX_AccessPolicy_ServiceAccountId] ON [AccessPolicy] ([ServiceAccountId]);
|
||||
CREATE NONCLUSTERED INDEX [IX_AccessPolicy_ServiceAccountId] ON [dbo].[AccessPolicy]([ServiceAccountId] ASC);
|
||||
|
||||
GO
|
||||
CREATE NONCLUSTERED INDEX [IX_AccessPolicy_GrantedServiceAccountId] ON [AccessPolicy] ([GrantedServiceAccountId]);
|
||||
CREATE NONCLUSTERED INDEX [IX_AccessPolicy_GrantedServiceAccountId] ON [dbo].[AccessPolicy]([GrantedServiceAccountId] ASC);
|
||||
|
||||
GO
|
||||
CREATE NONCLUSTERED INDEX [IX_AccessPolicy_GrantedSecretId] ON [dbo].[AccessPolicy]([GrantedSecretId] ASC);
|
||||
|
@ -0,0 +1,14 @@
|
||||
IF COL_LENGTH('[dbo].[AccessPolicy]', 'GrantedSecretId') IS NULL
|
||||
BEGIN
|
||||
ALTER TABLE [dbo].[AccessPolicy] ADD [GrantedSecretId] [uniqueidentifier] NULL
|
||||
CONSTRAINT [FK_AccessPolicy_Secret_GrantedSecretId] FOREIGN KEY ([GrantedSecretId]) REFERENCES [Secret] ([Id]) ON DELETE CASCADE
|
||||
END
|
||||
GO
|
||||
|
||||
IF NOT EXISTS(SELECT name
|
||||
FROM sys.indexes
|
||||
WHERE name = 'IX_AccessPolicy_GrantedSecretId')
|
||||
BEGIN
|
||||
CREATE NONCLUSTERED INDEX [IX_AccessPolicy_GrantedSecretId] ON [dbo].[AccessPolicy] ([GrantedSecretId] ASC);
|
||||
END
|
||||
GO
|
2518
util/MySqlMigrations/Migrations/20240216170327_AddSecretAccessPolicies.Designer.cs
generated
Normal file
2518
util/MySqlMigrations/Migrations/20240216170327_AddSecretAccessPolicies.Designer.cs
generated
Normal file
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,49 @@
|
||||
using Microsoft.EntityFrameworkCore.Migrations;
|
||||
|
||||
#nullable disable
|
||||
|
||||
namespace Bit.MySqlMigrations.Migrations;
|
||||
|
||||
/// <inheritdoc />
|
||||
public partial class AddSecretAccessPolicies : Migration
|
||||
{
|
||||
/// <inheritdoc />
|
||||
protected override void Up(MigrationBuilder migrationBuilder)
|
||||
{
|
||||
migrationBuilder.AddColumn<Guid>(
|
||||
name: "GrantedSecretId",
|
||||
table: "AccessPolicy",
|
||||
type: "char(36)",
|
||||
nullable: true,
|
||||
collation: "ascii_general_ci");
|
||||
|
||||
migrationBuilder.CreateIndex(
|
||||
name: "IX_AccessPolicy_GrantedSecretId",
|
||||
table: "AccessPolicy",
|
||||
column: "GrantedSecretId");
|
||||
|
||||
migrationBuilder.AddForeignKey(
|
||||
name: "FK_AccessPolicy_Secret_GrantedSecretId",
|
||||
table: "AccessPolicy",
|
||||
column: "GrantedSecretId",
|
||||
principalTable: "Secret",
|
||||
principalColumn: "Id",
|
||||
onDelete: ReferentialAction.Cascade);
|
||||
}
|
||||
|
||||
/// <inheritdoc />
|
||||
protected override void Down(MigrationBuilder migrationBuilder)
|
||||
{
|
||||
migrationBuilder.DropForeignKey(
|
||||
name: "FK_AccessPolicy_Secret_GrantedSecretId",
|
||||
table: "AccessPolicy");
|
||||
|
||||
migrationBuilder.DropIndex(
|
||||
name: "IX_AccessPolicy_GrantedSecretId",
|
||||
table: "AccessPolicy");
|
||||
|
||||
migrationBuilder.DropColumn(
|
||||
name: "GrantedSecretId",
|
||||
table: "AccessPolicy");
|
||||
}
|
||||
}
|
@ -1732,6 +1732,27 @@ namespace Bit.MySqlMigrations.Migrations
|
||||
b.HasDiscriminator().HasValue("group_project");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.GroupSecretAccessPolicy", b =>
|
||||
{
|
||||
b.HasBaseType("Bit.Infrastructure.EntityFramework.SecretsManager.Models.AccessPolicy");
|
||||
|
||||
b.Property<Guid?>("GrantedSecretId")
|
||||
.ValueGeneratedOnUpdateSometimes()
|
||||
.HasColumnType("char(36)")
|
||||
.HasColumnName("GrantedSecretId");
|
||||
|
||||
b.Property<Guid?>("GroupId")
|
||||
.ValueGeneratedOnUpdateSometimes()
|
||||
.HasColumnType("char(36)")
|
||||
.HasColumnName("GroupId");
|
||||
|
||||
b.HasIndex("GrantedSecretId");
|
||||
|
||||
b.HasIndex("GroupId");
|
||||
|
||||
b.HasDiscriminator().HasValue("group_secret");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.GroupServiceAccountAccessPolicy", b =>
|
||||
{
|
||||
b.HasBaseType("Bit.Infrastructure.EntityFramework.SecretsManager.Models.AccessPolicy");
|
||||
@ -1763,6 +1784,7 @@ namespace Bit.MySqlMigrations.Migrations
|
||||
.HasColumnName("GrantedProjectId");
|
||||
|
||||
b.Property<Guid?>("ServiceAccountId")
|
||||
.ValueGeneratedOnUpdateSometimes()
|
||||
.HasColumnType("char(36)")
|
||||
.HasColumnName("ServiceAccountId");
|
||||
|
||||
@ -1773,6 +1795,27 @@ namespace Bit.MySqlMigrations.Migrations
|
||||
b.HasDiscriminator().HasValue("service_account_project");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.ServiceAccountSecretAccessPolicy", b =>
|
||||
{
|
||||
b.HasBaseType("Bit.Infrastructure.EntityFramework.SecretsManager.Models.AccessPolicy");
|
||||
|
||||
b.Property<Guid?>("GrantedSecretId")
|
||||
.ValueGeneratedOnUpdateSometimes()
|
||||
.HasColumnType("char(36)")
|
||||
.HasColumnName("GrantedSecretId");
|
||||
|
||||
b.Property<Guid?>("ServiceAccountId")
|
||||
.ValueGeneratedOnUpdateSometimes()
|
||||
.HasColumnType("char(36)")
|
||||
.HasColumnName("ServiceAccountId");
|
||||
|
||||
b.HasIndex("GrantedSecretId");
|
||||
|
||||
b.HasIndex("ServiceAccountId");
|
||||
|
||||
b.HasDiscriminator().HasValue("service_account_secret");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.UserProjectAccessPolicy", b =>
|
||||
{
|
||||
b.HasBaseType("Bit.Infrastructure.EntityFramework.SecretsManager.Models.AccessPolicy");
|
||||
@ -1794,6 +1837,27 @@ namespace Bit.MySqlMigrations.Migrations
|
||||
b.HasDiscriminator().HasValue("user_project");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.UserSecretAccessPolicy", b =>
|
||||
{
|
||||
b.HasBaseType("Bit.Infrastructure.EntityFramework.SecretsManager.Models.AccessPolicy");
|
||||
|
||||
b.Property<Guid?>("GrantedSecretId")
|
||||
.ValueGeneratedOnUpdateSometimes()
|
||||
.HasColumnType("char(36)")
|
||||
.HasColumnName("GrantedSecretId");
|
||||
|
||||
b.Property<Guid?>("OrganizationUserId")
|
||||
.ValueGeneratedOnUpdateSometimes()
|
||||
.HasColumnType("char(36)")
|
||||
.HasColumnName("OrganizationUserId");
|
||||
|
||||
b.HasIndex("GrantedSecretId");
|
||||
|
||||
b.HasIndex("OrganizationUserId");
|
||||
|
||||
b.HasDiscriminator().HasValue("user_secret");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.UserServiceAccountAccessPolicy", b =>
|
||||
{
|
||||
b.HasBaseType("Bit.Infrastructure.EntityFramework.SecretsManager.Models.AccessPolicy");
|
||||
@ -2245,6 +2309,23 @@ namespace Bit.MySqlMigrations.Migrations
|
||||
b.Navigation("Group");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.GroupSecretAccessPolicy", b =>
|
||||
{
|
||||
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.Secret", "GrantedSecret")
|
||||
.WithMany("GroupAccessPolicies")
|
||||
.HasForeignKey("GrantedSecretId")
|
||||
.OnDelete(DeleteBehavior.Cascade);
|
||||
|
||||
b.HasOne("Bit.Infrastructure.EntityFramework.Models.Group", "Group")
|
||||
.WithMany()
|
||||
.HasForeignKey("GroupId")
|
||||
.OnDelete(DeleteBehavior.Cascade);
|
||||
|
||||
b.Navigation("GrantedSecret");
|
||||
|
||||
b.Navigation("Group");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.GroupServiceAccountAccessPolicy", b =>
|
||||
{
|
||||
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.ServiceAccount", "GrantedServiceAccount")
|
||||
@ -2277,6 +2358,22 @@ namespace Bit.MySqlMigrations.Migrations
|
||||
b.Navigation("ServiceAccount");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.ServiceAccountSecretAccessPolicy", b =>
|
||||
{
|
||||
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.Secret", "GrantedSecret")
|
||||
.WithMany("ServiceAccountAccessPolicies")
|
||||
.HasForeignKey("GrantedSecretId")
|
||||
.OnDelete(DeleteBehavior.Cascade);
|
||||
|
||||
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.ServiceAccount", "ServiceAccount")
|
||||
.WithMany()
|
||||
.HasForeignKey("ServiceAccountId");
|
||||
|
||||
b.Navigation("GrantedSecret");
|
||||
|
||||
b.Navigation("ServiceAccount");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.UserProjectAccessPolicy", b =>
|
||||
{
|
||||
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.Project", "GrantedProject")
|
||||
@ -2293,6 +2390,22 @@ namespace Bit.MySqlMigrations.Migrations
|
||||
b.Navigation("OrganizationUser");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.UserSecretAccessPolicy", b =>
|
||||
{
|
||||
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.Secret", "GrantedSecret")
|
||||
.WithMany("UserAccessPolicies")
|
||||
.HasForeignKey("GrantedSecretId")
|
||||
.OnDelete(DeleteBehavior.Cascade);
|
||||
|
||||
b.HasOne("Bit.Infrastructure.EntityFramework.Models.OrganizationUser", "OrganizationUser")
|
||||
.WithMany()
|
||||
.HasForeignKey("OrganizationUserId");
|
||||
|
||||
b.Navigation("GrantedSecret");
|
||||
|
||||
b.Navigation("OrganizationUser");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.UserServiceAccountAccessPolicy", b =>
|
||||
{
|
||||
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.ServiceAccount", "GrantedServiceAccount")
|
||||
@ -2376,6 +2489,15 @@ namespace Bit.MySqlMigrations.Migrations
|
||||
b.Navigation("UserAccessPolicies");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.Secret", b =>
|
||||
{
|
||||
b.Navigation("GroupAccessPolicies");
|
||||
|
||||
b.Navigation("ServiceAccountAccessPolicies");
|
||||
|
||||
b.Navigation("UserAccessPolicies");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.ServiceAccount", b =>
|
||||
{
|
||||
b.Navigation("GroupAccessPolicies");
|
||||
|
2532
util/PostgresMigrations/Migrations/20240216170332_AddSecretAccessPolicies.Designer.cs
generated
Normal file
2532
util/PostgresMigrations/Migrations/20240216170332_AddSecretAccessPolicies.Designer.cs
generated
Normal file
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,48 @@
|
||||
using Microsoft.EntityFrameworkCore.Migrations;
|
||||
|
||||
#nullable disable
|
||||
|
||||
namespace Bit.PostgresMigrations.Migrations;
|
||||
|
||||
/// <inheritdoc />
|
||||
public partial class AddSecretAccessPolicies : Migration
|
||||
{
|
||||
/// <inheritdoc />
|
||||
protected override void Up(MigrationBuilder migrationBuilder)
|
||||
{
|
||||
migrationBuilder.AddColumn<Guid>(
|
||||
name: "GrantedSecretId",
|
||||
table: "AccessPolicy",
|
||||
type: "uuid",
|
||||
nullable: true);
|
||||
|
||||
migrationBuilder.CreateIndex(
|
||||
name: "IX_AccessPolicy_GrantedSecretId",
|
||||
table: "AccessPolicy",
|
||||
column: "GrantedSecretId");
|
||||
|
||||
migrationBuilder.AddForeignKey(
|
||||
name: "FK_AccessPolicy_Secret_GrantedSecretId",
|
||||
table: "AccessPolicy",
|
||||
column: "GrantedSecretId",
|
||||
principalTable: "Secret",
|
||||
principalColumn: "Id",
|
||||
onDelete: ReferentialAction.Cascade);
|
||||
}
|
||||
|
||||
/// <inheritdoc />
|
||||
protected override void Down(MigrationBuilder migrationBuilder)
|
||||
{
|
||||
migrationBuilder.DropForeignKey(
|
||||
name: "FK_AccessPolicy_Secret_GrantedSecretId",
|
||||
table: "AccessPolicy");
|
||||
|
||||
migrationBuilder.DropIndex(
|
||||
name: "IX_AccessPolicy_GrantedSecretId",
|
||||
table: "AccessPolicy");
|
||||
|
||||
migrationBuilder.DropColumn(
|
||||
name: "GrantedSecretId",
|
||||
table: "AccessPolicy");
|
||||
}
|
||||
}
|
@ -1746,6 +1746,27 @@ namespace Bit.PostgresMigrations.Migrations
|
||||
b.HasDiscriminator().HasValue("group_project");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.GroupSecretAccessPolicy", b =>
|
||||
{
|
||||
b.HasBaseType("Bit.Infrastructure.EntityFramework.SecretsManager.Models.AccessPolicy");
|
||||
|
||||
b.Property<Guid?>("GrantedSecretId")
|
||||
.ValueGeneratedOnUpdateSometimes()
|
||||
.HasColumnType("uuid")
|
||||
.HasColumnName("GrantedSecretId");
|
||||
|
||||
b.Property<Guid?>("GroupId")
|
||||
.ValueGeneratedOnUpdateSometimes()
|
||||
.HasColumnType("uuid")
|
||||
.HasColumnName("GroupId");
|
||||
|
||||
b.HasIndex("GrantedSecretId");
|
||||
|
||||
b.HasIndex("GroupId");
|
||||
|
||||
b.HasDiscriminator().HasValue("group_secret");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.GroupServiceAccountAccessPolicy", b =>
|
||||
{
|
||||
b.HasBaseType("Bit.Infrastructure.EntityFramework.SecretsManager.Models.AccessPolicy");
|
||||
@ -1777,6 +1798,7 @@ namespace Bit.PostgresMigrations.Migrations
|
||||
.HasColumnName("GrantedProjectId");
|
||||
|
||||
b.Property<Guid?>("ServiceAccountId")
|
||||
.ValueGeneratedOnUpdateSometimes()
|
||||
.HasColumnType("uuid")
|
||||
.HasColumnName("ServiceAccountId");
|
||||
|
||||
@ -1787,6 +1809,27 @@ namespace Bit.PostgresMigrations.Migrations
|
||||
b.HasDiscriminator().HasValue("service_account_project");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.ServiceAccountSecretAccessPolicy", b =>
|
||||
{
|
||||
b.HasBaseType("Bit.Infrastructure.EntityFramework.SecretsManager.Models.AccessPolicy");
|
||||
|
||||
b.Property<Guid?>("GrantedSecretId")
|
||||
.ValueGeneratedOnUpdateSometimes()
|
||||
.HasColumnType("uuid")
|
||||
.HasColumnName("GrantedSecretId");
|
||||
|
||||
b.Property<Guid?>("ServiceAccountId")
|
||||
.ValueGeneratedOnUpdateSometimes()
|
||||
.HasColumnType("uuid")
|
||||
.HasColumnName("ServiceAccountId");
|
||||
|
||||
b.HasIndex("GrantedSecretId");
|
||||
|
||||
b.HasIndex("ServiceAccountId");
|
||||
|
||||
b.HasDiscriminator().HasValue("service_account_secret");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.UserProjectAccessPolicy", b =>
|
||||
{
|
||||
b.HasBaseType("Bit.Infrastructure.EntityFramework.SecretsManager.Models.AccessPolicy");
|
||||
@ -1808,6 +1851,27 @@ namespace Bit.PostgresMigrations.Migrations
|
||||
b.HasDiscriminator().HasValue("user_project");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.UserSecretAccessPolicy", b =>
|
||||
{
|
||||
b.HasBaseType("Bit.Infrastructure.EntityFramework.SecretsManager.Models.AccessPolicy");
|
||||
|
||||
b.Property<Guid?>("GrantedSecretId")
|
||||
.ValueGeneratedOnUpdateSometimes()
|
||||
.HasColumnType("uuid")
|
||||
.HasColumnName("GrantedSecretId");
|
||||
|
||||
b.Property<Guid?>("OrganizationUserId")
|
||||
.ValueGeneratedOnUpdateSometimes()
|
||||
.HasColumnType("uuid")
|
||||
.HasColumnName("OrganizationUserId");
|
||||
|
||||
b.HasIndex("GrantedSecretId");
|
||||
|
||||
b.HasIndex("OrganizationUserId");
|
||||
|
||||
b.HasDiscriminator().HasValue("user_secret");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.UserServiceAccountAccessPolicy", b =>
|
||||
{
|
||||
b.HasBaseType("Bit.Infrastructure.EntityFramework.SecretsManager.Models.AccessPolicy");
|
||||
@ -2259,6 +2323,23 @@ namespace Bit.PostgresMigrations.Migrations
|
||||
b.Navigation("Group");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.GroupSecretAccessPolicy", b =>
|
||||
{
|
||||
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.Secret", "GrantedSecret")
|
||||
.WithMany("GroupAccessPolicies")
|
||||
.HasForeignKey("GrantedSecretId")
|
||||
.OnDelete(DeleteBehavior.Cascade);
|
||||
|
||||
b.HasOne("Bit.Infrastructure.EntityFramework.Models.Group", "Group")
|
||||
.WithMany()
|
||||
.HasForeignKey("GroupId")
|
||||
.OnDelete(DeleteBehavior.Cascade);
|
||||
|
||||
b.Navigation("GrantedSecret");
|
||||
|
||||
b.Navigation("Group");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.GroupServiceAccountAccessPolicy", b =>
|
||||
{
|
||||
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.ServiceAccount", "GrantedServiceAccount")
|
||||
@ -2291,6 +2372,22 @@ namespace Bit.PostgresMigrations.Migrations
|
||||
b.Navigation("ServiceAccount");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.ServiceAccountSecretAccessPolicy", b =>
|
||||
{
|
||||
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.Secret", "GrantedSecret")
|
||||
.WithMany("ServiceAccountAccessPolicies")
|
||||
.HasForeignKey("GrantedSecretId")
|
||||
.OnDelete(DeleteBehavior.Cascade);
|
||||
|
||||
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.ServiceAccount", "ServiceAccount")
|
||||
.WithMany()
|
||||
.HasForeignKey("ServiceAccountId");
|
||||
|
||||
b.Navigation("GrantedSecret");
|
||||
|
||||
b.Navigation("ServiceAccount");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.UserProjectAccessPolicy", b =>
|
||||
{
|
||||
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.Project", "GrantedProject")
|
||||
@ -2307,6 +2404,22 @@ namespace Bit.PostgresMigrations.Migrations
|
||||
b.Navigation("OrganizationUser");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.UserSecretAccessPolicy", b =>
|
||||
{
|
||||
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.Secret", "GrantedSecret")
|
||||
.WithMany("UserAccessPolicies")
|
||||
.HasForeignKey("GrantedSecretId")
|
||||
.OnDelete(DeleteBehavior.Cascade);
|
||||
|
||||
b.HasOne("Bit.Infrastructure.EntityFramework.Models.OrganizationUser", "OrganizationUser")
|
||||
.WithMany()
|
||||
.HasForeignKey("OrganizationUserId");
|
||||
|
||||
b.Navigation("GrantedSecret");
|
||||
|
||||
b.Navigation("OrganizationUser");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.UserServiceAccountAccessPolicy", b =>
|
||||
{
|
||||
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.ServiceAccount", "GrantedServiceAccount")
|
||||
@ -2390,6 +2503,15 @@ namespace Bit.PostgresMigrations.Migrations
|
||||
b.Navigation("UserAccessPolicies");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.Secret", b =>
|
||||
{
|
||||
b.Navigation("GroupAccessPolicies");
|
||||
|
||||
b.Navigation("ServiceAccountAccessPolicies");
|
||||
|
||||
b.Navigation("UserAccessPolicies");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.ServiceAccount", b =>
|
||||
{
|
||||
b.Navigation("GroupAccessPolicies");
|
||||
|
2516
util/SqliteMigrations/Migrations/20240216170322_AddSecretAccessPolicies.Designer.cs
generated
Normal file
2516
util/SqliteMigrations/Migrations/20240216170322_AddSecretAccessPolicies.Designer.cs
generated
Normal file
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,48 @@
|
||||
using Microsoft.EntityFrameworkCore.Migrations;
|
||||
|
||||
#nullable disable
|
||||
|
||||
namespace Bit.SqliteMigrations.Migrations;
|
||||
|
||||
/// <inheritdoc />
|
||||
public partial class AddSecretAccessPolicies : Migration
|
||||
{
|
||||
/// <inheritdoc />
|
||||
protected override void Up(MigrationBuilder migrationBuilder)
|
||||
{
|
||||
migrationBuilder.AddColumn<Guid>(
|
||||
name: "GrantedSecretId",
|
||||
table: "AccessPolicy",
|
||||
type: "TEXT",
|
||||
nullable: true);
|
||||
|
||||
migrationBuilder.CreateIndex(
|
||||
name: "IX_AccessPolicy_GrantedSecretId",
|
||||
table: "AccessPolicy",
|
||||
column: "GrantedSecretId");
|
||||
|
||||
migrationBuilder.AddForeignKey(
|
||||
name: "FK_AccessPolicy_Secret_GrantedSecretId",
|
||||
table: "AccessPolicy",
|
||||
column: "GrantedSecretId",
|
||||
principalTable: "Secret",
|
||||
principalColumn: "Id",
|
||||
onDelete: ReferentialAction.Cascade);
|
||||
}
|
||||
|
||||
/// <inheritdoc />
|
||||
protected override void Down(MigrationBuilder migrationBuilder)
|
||||
{
|
||||
migrationBuilder.DropForeignKey(
|
||||
name: "FK_AccessPolicy_Secret_GrantedSecretId",
|
||||
table: "AccessPolicy");
|
||||
|
||||
migrationBuilder.DropIndex(
|
||||
name: "IX_AccessPolicy_GrantedSecretId",
|
||||
table: "AccessPolicy");
|
||||
|
||||
migrationBuilder.DropColumn(
|
||||
name: "GrantedSecretId",
|
||||
table: "AccessPolicy");
|
||||
}
|
||||
}
|
@ -1730,6 +1730,27 @@ namespace Bit.SqliteMigrations.Migrations
|
||||
b.HasDiscriminator().HasValue("group_project");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.GroupSecretAccessPolicy", b =>
|
||||
{
|
||||
b.HasBaseType("Bit.Infrastructure.EntityFramework.SecretsManager.Models.AccessPolicy");
|
||||
|
||||
b.Property<Guid?>("GrantedSecretId")
|
||||
.ValueGeneratedOnUpdateSometimes()
|
||||
.HasColumnType("TEXT")
|
||||
.HasColumnName("GrantedSecretId");
|
||||
|
||||
b.Property<Guid?>("GroupId")
|
||||
.ValueGeneratedOnUpdateSometimes()
|
||||
.HasColumnType("TEXT")
|
||||
.HasColumnName("GroupId");
|
||||
|
||||
b.HasIndex("GrantedSecretId");
|
||||
|
||||
b.HasIndex("GroupId");
|
||||
|
||||
b.HasDiscriminator().HasValue("group_secret");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.GroupServiceAccountAccessPolicy", b =>
|
||||
{
|
||||
b.HasBaseType("Bit.Infrastructure.EntityFramework.SecretsManager.Models.AccessPolicy");
|
||||
@ -1761,6 +1782,7 @@ namespace Bit.SqliteMigrations.Migrations
|
||||
.HasColumnName("GrantedProjectId");
|
||||
|
||||
b.Property<Guid?>("ServiceAccountId")
|
||||
.ValueGeneratedOnUpdateSometimes()
|
||||
.HasColumnType("TEXT")
|
||||
.HasColumnName("ServiceAccountId");
|
||||
|
||||
@ -1771,6 +1793,27 @@ namespace Bit.SqliteMigrations.Migrations
|
||||
b.HasDiscriminator().HasValue("service_account_project");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.ServiceAccountSecretAccessPolicy", b =>
|
||||
{
|
||||
b.HasBaseType("Bit.Infrastructure.EntityFramework.SecretsManager.Models.AccessPolicy");
|
||||
|
||||
b.Property<Guid?>("GrantedSecretId")
|
||||
.ValueGeneratedOnUpdateSometimes()
|
||||
.HasColumnType("TEXT")
|
||||
.HasColumnName("GrantedSecretId");
|
||||
|
||||
b.Property<Guid?>("ServiceAccountId")
|
||||
.ValueGeneratedOnUpdateSometimes()
|
||||
.HasColumnType("TEXT")
|
||||
.HasColumnName("ServiceAccountId");
|
||||
|
||||
b.HasIndex("GrantedSecretId");
|
||||
|
||||
b.HasIndex("ServiceAccountId");
|
||||
|
||||
b.HasDiscriminator().HasValue("service_account_secret");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.UserProjectAccessPolicy", b =>
|
||||
{
|
||||
b.HasBaseType("Bit.Infrastructure.EntityFramework.SecretsManager.Models.AccessPolicy");
|
||||
@ -1792,6 +1835,27 @@ namespace Bit.SqliteMigrations.Migrations
|
||||
b.HasDiscriminator().HasValue("user_project");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.UserSecretAccessPolicy", b =>
|
||||
{
|
||||
b.HasBaseType("Bit.Infrastructure.EntityFramework.SecretsManager.Models.AccessPolicy");
|
||||
|
||||
b.Property<Guid?>("GrantedSecretId")
|
||||
.ValueGeneratedOnUpdateSometimes()
|
||||
.HasColumnType("TEXT")
|
||||
.HasColumnName("GrantedSecretId");
|
||||
|
||||
b.Property<Guid?>("OrganizationUserId")
|
||||
.ValueGeneratedOnUpdateSometimes()
|
||||
.HasColumnType("TEXT")
|
||||
.HasColumnName("OrganizationUserId");
|
||||
|
||||
b.HasIndex("GrantedSecretId");
|
||||
|
||||
b.HasIndex("OrganizationUserId");
|
||||
|
||||
b.HasDiscriminator().HasValue("user_secret");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.UserServiceAccountAccessPolicy", b =>
|
||||
{
|
||||
b.HasBaseType("Bit.Infrastructure.EntityFramework.SecretsManager.Models.AccessPolicy");
|
||||
@ -2243,6 +2307,23 @@ namespace Bit.SqliteMigrations.Migrations
|
||||
b.Navigation("Group");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.GroupSecretAccessPolicy", b =>
|
||||
{
|
||||
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.Secret", "GrantedSecret")
|
||||
.WithMany("GroupAccessPolicies")
|
||||
.HasForeignKey("GrantedSecretId")
|
||||
.OnDelete(DeleteBehavior.Cascade);
|
||||
|
||||
b.HasOne("Bit.Infrastructure.EntityFramework.Models.Group", "Group")
|
||||
.WithMany()
|
||||
.HasForeignKey("GroupId")
|
||||
.OnDelete(DeleteBehavior.Cascade);
|
||||
|
||||
b.Navigation("GrantedSecret");
|
||||
|
||||
b.Navigation("Group");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.GroupServiceAccountAccessPolicy", b =>
|
||||
{
|
||||
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.ServiceAccount", "GrantedServiceAccount")
|
||||
@ -2275,6 +2356,22 @@ namespace Bit.SqliteMigrations.Migrations
|
||||
b.Navigation("ServiceAccount");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.ServiceAccountSecretAccessPolicy", b =>
|
||||
{
|
||||
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.Secret", "GrantedSecret")
|
||||
.WithMany("ServiceAccountAccessPolicies")
|
||||
.HasForeignKey("GrantedSecretId")
|
||||
.OnDelete(DeleteBehavior.Cascade);
|
||||
|
||||
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.ServiceAccount", "ServiceAccount")
|
||||
.WithMany()
|
||||
.HasForeignKey("ServiceAccountId");
|
||||
|
||||
b.Navigation("GrantedSecret");
|
||||
|
||||
b.Navigation("ServiceAccount");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.UserProjectAccessPolicy", b =>
|
||||
{
|
||||
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.Project", "GrantedProject")
|
||||
@ -2291,6 +2388,22 @@ namespace Bit.SqliteMigrations.Migrations
|
||||
b.Navigation("OrganizationUser");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.UserSecretAccessPolicy", b =>
|
||||
{
|
||||
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.Secret", "GrantedSecret")
|
||||
.WithMany("UserAccessPolicies")
|
||||
.HasForeignKey("GrantedSecretId")
|
||||
.OnDelete(DeleteBehavior.Cascade);
|
||||
|
||||
b.HasOne("Bit.Infrastructure.EntityFramework.Models.OrganizationUser", "OrganizationUser")
|
||||
.WithMany()
|
||||
.HasForeignKey("OrganizationUserId");
|
||||
|
||||
b.Navigation("GrantedSecret");
|
||||
|
||||
b.Navigation("OrganizationUser");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.UserServiceAccountAccessPolicy", b =>
|
||||
{
|
||||
b.HasOne("Bit.Infrastructure.EntityFramework.SecretsManager.Models.ServiceAccount", "GrantedServiceAccount")
|
||||
@ -2374,6 +2487,15 @@ namespace Bit.SqliteMigrations.Migrations
|
||||
b.Navigation("UserAccessPolicies");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.Secret", b =>
|
||||
{
|
||||
b.Navigation("GroupAccessPolicies");
|
||||
|
||||
b.Navigation("ServiceAccountAccessPolicies");
|
||||
|
||||
b.Navigation("UserAccessPolicies");
|
||||
});
|
||||
|
||||
modelBuilder.Entity("Bit.Infrastructure.EntityFramework.SecretsManager.Models.ServiceAccount", b =>
|
||||
{
|
||||
b.Navigation("GroupAccessPolicies");
|
||||
|
Loading…
Reference in New Issue
Block a user