mirror of
https://github.com/bitwarden/server.git
synced 2024-12-28 17:57:37 +01:00
[SM-891] Include Secrets Manager in organization license for self-hosting (#3222)
* Remove self-hosted restrictions from SM endpoints
* Add SM properties to organization license
parent
eec2763e78
commit
69529d394b
@ -10,14 +10,12 @@ using Bit.Core.SecretsManager.Commands.AccessPolicies.Interfaces;
|
||||
using Bit.Core.SecretsManager.Entities;
|
||||
using Bit.Core.SecretsManager.Repositories;
|
||||
using Bit.Core.Services;
|
||||
using Bit.Core.Utilities;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
|
||||
namespace Bit.Api.SecretsManager.Controllers;
|
||||
|
||||
[Authorize("secrets")]
|
||||
[SelfHosted(NotSelfHostedOnly = true)]
|
||||
[Route("access-policies")]
|
||||
public class AccessPoliciesController : Controller
|
||||
{
|
||||
|
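Review bot: With `[SelfHosted(NotSelfHostedOnly = true)]` removed (per the commit description), `[Authorize("secrets")]` is the only class-level gate visible on AccessPoliciesController. Whether a self-hosted organization is actually licensed for Secrets Manager must then be enforced inside each action, and none of that code is in the hunk. I would confirm that every action checks the organization's Secrets Manager access before touching data, and record the new contract above the class, for example `// Self-hosted access is gated per organization by the license (UseSecretsManager), not by a SelfHosted attribute.` The same applies to ProjectsController, SecretsController, SecretsManagerPortingController, TrashController and ServiceAccountsController below. A test that calls one endpoint for a self-hosted organization with `UseSecretsManager == false` would pin the behaviour.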
@ -10,14 +10,12 @@ using Bit.Core.SecretsManager.Entities;
|
||||
using Bit.Core.SecretsManager.Queries.Projects.Interfaces;
|
||||
using Bit.Core.SecretsManager.Repositories;
|
||||
using Bit.Core.Services;
|
||||
using Bit.Core.Utilities;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
|
||||
namespace Bit.Api.SecretsManager.Controllers;
|
||||
|
||||
[Authorize("secrets")]
|
||||
[SelfHosted(NotSelfHostedOnly = true)]
|
||||
public class ProjectsController : Controller
|
||||
{
|
||||
private readonly ICurrentContext _currentContext;
|
||||
|
@ -14,14 +14,12 @@ using Bit.Core.Services;
|
||||
using Bit.Core.Tools.Enums;
|
||||
using Bit.Core.Tools.Models.Business;
|
||||
using Bit.Core.Tools.Services;
|
||||
using Bit.Core.Utilities;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
|
||||
namespace Bit.Api.SecretsManager.Controllers;
|
||||
|
||||
[Authorize("secrets")]
|
||||
[SelfHosted(NotSelfHostedOnly = true)]
|
||||
public class SecretsController : Controller
|
||||
{
|
||||
private readonly ICurrentContext _currentContext;
|
||||
|
@ -7,14 +7,12 @@ using Bit.Core.SecretsManager.Commands.Porting.Interfaces;
|
||||
using Bit.Core.SecretsManager.Queries.Projects.Interfaces;
|
||||
using Bit.Core.SecretsManager.Repositories;
|
||||
using Bit.Core.Services;
|
||||
using Bit.Core.Utilities;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
|
||||
namespace Bit.Api.SecretsManager.Controllers;
|
||||
|
||||
[Authorize("secrets")]
|
||||
[SelfHosted(NotSelfHostedOnly = true)]
|
||||
public class SecretsManagerPortingController : Controller
|
||||
{
|
||||
private readonly ISecretRepository _secretRepository;
|
||||
|
@ -3,14 +3,12 @@ using Bit.Core.Context;
|
||||
using Bit.Core.Exceptions;
|
||||
using Bit.Core.SecretsManager.Commands.Trash.Interfaces;
|
||||
using Bit.Core.SecretsManager.Repositories;
|
||||
using Bit.Core.Utilities;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
|
||||
namespace Bit.Api.SecretsManager.Controllers;
|
||||
|
||||
[Authorize("secrets")]
|
||||
[SelfHosted(NotSelfHostedOnly = true)]
|
||||
public class TrashController : Controller
|
||||
{
|
||||
private readonly ICurrentContext _currentContext;
|
||||
|
@ -14,14 +14,12 @@ using Bit.Core.SecretsManager.Entities;
|
||||
using Bit.Core.SecretsManager.Queries.ServiceAccounts.Interfaces;
|
||||
using Bit.Core.SecretsManager.Repositories;
|
||||
using Bit.Core.Services;
|
||||
using Bit.Core.Utilities;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
|
||||
namespace Bit.Api.SecretsManager.Controllers;
|
||||
|
||||
[Authorize("secrets")]
|
||||
[SelfHosted(NotSelfHostedOnly = true)]
|
||||
[Route("service-accounts")]
|
||||
public class ServiceAccountsController : Controller
|
||||
{
|
||||
|
@ -250,5 +250,9 @@ public class Organization : ITableObject<Guid>, ISubscriber, IStorable, IStorabl
|
||||
ExpirationDate = license.Expires;
|
||||
LicenseKey = license.LicenseKey;
|
||||
RevisionDate = DateTime.UtcNow;
|
||||
UsePasswordManager = license.UsePasswordManager;
|
||||
UseSecretsManager = license.UseSecretsManager;
|
||||
SmSeats = license.SmSeats;
|
||||
SmServiceAccounts = license.SmServiceAccounts;
|
||||
}
|
||||
}
|
||||
|
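Review bot: The new assignments copy Secrets Manager entitlements from the license without looking at `license.Version`. Elsewhere in this commit, `GetDataBytes` drops `UseSecretsManager` for versions below 13 and the verification compare only runs for `Version >= 13`. For an older license file the flag therefore appears not to be covered by the signed data or compared against the organization, though the signature check itself is not visible here. Since `CURRENT_LICENSE_FILE_VERSION` stays at 12, that may include newly issued files. I would only trust the value when it is covered, e.g. `UseSecretsManager = license.Version >= 13 && license.UseSecretsManager;`, with the same treatment for the seat and service-account counts. The object initializer in OrganizationService further down copies the same fields and needs the same guard; this method starts outside the hunk.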
@ -47,6 +47,10 @@ public class OrganizationLicense : ILicense
|
||||
UsersGetPremium = org.UsersGetPremium;
|
||||
UseCustomPermissions = org.UseCustomPermissions;
|
||||
Issued = DateTime.UtcNow;
|
||||
UsePasswordManager = org.UsePasswordManager;
|
||||
UseSecretsManager = org.UseSecretsManager;
|
||||
SmSeats = org.SmSeats;
|
||||
SmServiceAccounts = org.SmServiceAccounts;
|
||||
|
||||
if (subscriptionInfo?.Subscription == null)
|
||||
{
|
||||
@ -125,6 +129,10 @@ public class OrganizationLicense : ILicense
|
||||
public DateTime? Refresh { get; set; }
|
||||
public DateTime? Expires { get; set; }
|
||||
public DateTime? ExpirationWithoutGracePeriod { get; set; }
|
||||
public bool UsePasswordManager { get; set; }
|
||||
public bool UseSecretsManager { get; set; }
|
||||
public int? SmSeats { get; set; }
|
||||
public int? SmServiceAccounts { get; set; }
|
||||
public bool Trial { get; set; }
|
||||
public LicenseType? LicenseType { get; set; }
|
||||
public string Hash { get; set; }
|
||||
@ -137,10 +145,10 @@ public class OrganizationLicense : ILicense
|
||||
/// </summary>
|
||||
/// <remarks>Intentionally set one version behind to allow self hosted users some time to update before
|
||||
/// getting out of date license errors</remarks>
|
||||
private const int CURRENT_LICENSE_FILE_VERSION = 11;
|
||||
private const int CURRENT_LICENSE_FILE_VERSION = 12;
|
||||
private bool ValidLicenseVersion
|
||||
{
|
||||
get => Version is >= 1 and <= 12;
|
||||
get => Version is >= 1 and <= 13;
|
||||
}
|
||||
|
||||
public byte[] GetDataBytes(bool forHash = false)
|
||||
@ -176,6 +184,8 @@ public class OrganizationLicense : ILicense
|
||||
(Version >= 11 || !p.Name.Equals(nameof(UseCustomPermissions))) &&
|
||||
// ExpirationWithoutGracePeriod was added in Version 12
|
||||
(Version >= 12 || !p.Name.Equals(nameof(ExpirationWithoutGracePeriod))) &&
|
||||
// UseSecretsManager was added in Version 13
|
||||
(Version >= 13 || !p.Name.Equals(nameof(UseSecretsManager))) &&
|
||||
(
|
||||
!forHash ||
|
||||
(
|
||||
@ -315,6 +325,14 @@ public class OrganizationLicense : ILicense
|
||||
valid = organization.UseCustomPermissions == UseCustomPermissions;
|
||||
}
|
||||
|
||||
if (valid && Version >= 13)
|
||||
{
|
||||
valid = organization.UseSecretsManager == UseSecretsManager &&
|
||||
organization.UsePasswordManager == UsePasswordManager &&
|
||||
organization.SmSeats == SmSeats &&
|
||||
organization.SmServiceAccounts == SmServiceAccounts;
|
||||
}
|
||||
|
||||
return valid;
|
||||
}
|
||||
else
|
||||
|
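Review bot: In the `GetDataBytes` property filter only `UseSecretsManager` is gated on `Version >= 13`, but this commit also adds `UsePasswordManager`, `SmSeats` and `SmServiceAccounts` to the class. Unless the rest of the filter (outside the hunk) excludes them, licenses with a version below 13 would serialize three properties that did not exist when they were signed. That would likely change the bytes that are hashed and verified for existing license files. I would gate each one the same way, e.g. `(Version >= 13 || !p.Name.Equals(nameof(SmSeats))) &&`, and have the comment name all four properties rather than only `UseSecretsManager`.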
@ -573,7 +573,11 @@ public class OrganizationService : IOrganizationService
|
||||
PrivateKey = privateKey,
|
||||
CreationDate = DateTime.UtcNow,
|
||||
RevisionDate = DateTime.UtcNow,
|
||||
Status = OrganizationStatusType.Created
|
||||
Status = OrganizationStatusType.Created,
|
||||
UsePasswordManager = license.UsePasswordManager,
|
||||
UseSecretsManager = license.UseSecretsManager,
|
||||
SmSeats = license.SmSeats,
|
||||
SmServiceAccounts = license.SmServiceAccounts
|
||||
};
|
||||
|
||||
var result = await SignUpAsync(organization, owner.Id, ownerKey, collectionName, false);
|
||||
|