mirror of https://github.com/bitwarden/server.git synced 2024-12-28 17:57:37 +01:00

[SM-891] Include Secrets Manager in organization license for self-hosting (#3222)

* Remove self-hosted restrictions from SM endpoints

* Add SM properties to organization license
Thomas Avery 2023-10-16 15:47:12 -05:00 committed by GitHub
parent eec2763e78
commit 69529d394b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 29 additions and 15 deletions


@ -10,14 +10,12 @@ using Bit.Core.SecretsManager.Commands.AccessPolicies.Interfaces;
using Bit.Core.SecretsManager.Entities;
using Bit.Core.SecretsManager.Repositories;
using Bit.Core.Services;
using Bit.Core.Utilities;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
namespace Bit.Api.SecretsManager.Controllers;
[Authorize("secrets")]
[SelfHosted(NotSelfHostedOnly = true)]
[Route("access-policies")]
public class AccessPoliciesController : Controller
{
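Review bot: With `[SelfHosted(NotSelfHostedOnly = true)]` removed, the only class-level gate left on AccessPoliciesController is `[Authorize("secrets")]`, so on a self-hosted instance refusing an organization whose license does not enable Secrets Manager now depends entirely on per-action checks that are outside this hunk. The same applies to ProjectsController, SecretsController, SecretsManagerPortingController, TrashController and ServiceAccountsController in the sections below. I would add a test per controller asserting that a self-hosted organization with `UseSecretsManager == false` is rejected. If the per-action check is indeed the gate, a class-level comment would help, for example `// Self-hosted: access is gated per action on the organization's Secrets Manager flag, not by a SelfHosted attribute`. The class body continues outside the hunk.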


@ -10,14 +10,12 @@ using Bit.Core.SecretsManager.Entities;
using Bit.Core.SecretsManager.Queries.Projects.Interfaces;
using Bit.Core.SecretsManager.Repositories;
using Bit.Core.Services;
using Bit.Core.Utilities;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
namespace Bit.Api.SecretsManager.Controllers;
[Authorize("secrets")]
[SelfHosted(NotSelfHostedOnly = true)]
public class ProjectsController : Controller
{
private readonly ICurrentContext _currentContext;


@ -14,14 +14,12 @@ using Bit.Core.Services;
using Bit.Core.Tools.Enums;
using Bit.Core.Tools.Models.Business;
using Bit.Core.Tools.Services;
using Bit.Core.Utilities;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
namespace Bit.Api.SecretsManager.Controllers;
[Authorize("secrets")]
[SelfHosted(NotSelfHostedOnly = true)]
public class SecretsController : Controller
{
private readonly ICurrentContext _currentContext;


@ -7,14 +7,12 @@ using Bit.Core.SecretsManager.Commands.Porting.Interfaces;
using Bit.Core.SecretsManager.Queries.Projects.Interfaces;
using Bit.Core.SecretsManager.Repositories;
using Bit.Core.Services;
using Bit.Core.Utilities;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
namespace Bit.Api.SecretsManager.Controllers;
[Authorize("secrets")]
[SelfHosted(NotSelfHostedOnly = true)]
public class SecretsManagerPortingController : Controller
{
private readonly ISecretRepository _secretRepository;


@ -3,14 +3,12 @@ using Bit.Core.Context;
using Bit.Core.Exceptions;
using Bit.Core.SecretsManager.Commands.Trash.Interfaces;
using Bit.Core.SecretsManager.Repositories;
using Bit.Core.Utilities;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
namespace Bit.Api.SecretsManager.Controllers;
[Authorize("secrets")]
[SelfHosted(NotSelfHostedOnly = true)]
public class TrashController : Controller
{
private readonly ICurrentContext _currentContext;


@ -14,14 +14,12 @@ using Bit.Core.SecretsManager.Entities;
using Bit.Core.SecretsManager.Queries.ServiceAccounts.Interfaces;
using Bit.Core.SecretsManager.Repositories;
using Bit.Core.Services;
using Bit.Core.Utilities;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
namespace Bit.Api.SecretsManager.Controllers;
[Authorize("secrets")]
[SelfHosted(NotSelfHostedOnly = true)]
[Route("service-accounts")]
public class ServiceAccountsController : Controller
{


@ -250,5 +250,9 @@ public class Organization : ITableObject<Guid>, ISubscriber, IStorable, IStorabl
ExpirationDate = license.Expires;
LicenseKey = license.LicenseKey;
RevisionDate = DateTime.UtcNow;
UsePasswordManager = license.UsePasswordManager;
UseSecretsManager = license.UseSecretsManager;
SmSeats = license.SmSeats;
SmServiceAccounts = license.SmServiceAccounts;
}
}
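Review bot: The four new assignments copy `license.UsePasswordManager`, `license.UseSecretsManager`, `license.SmSeats` and `license.SmServiceAccounts` regardless of the license version, while the validation hunk in OrganizationLicense only compares them when `Version >= 13`. A license file issued before these fields existed would presumably deserialize `UsePasswordManager` as `false` and the two counts as `null`, and this method would then write those defaults onto the organization. If that is not intended, make the copy version-aware, for example `UsePasswordManager = license.Version < 13 || license.UsePasswordManager;`, or document why the defaults are acceptable. The same unconditional copy appears in the OrganizationService sign-up initializer. The method starts outside the hunk.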


@ -47,6 +47,10 @@ public class OrganizationLicense : ILicense
UsersGetPremium = org.UsersGetPremium;
UseCustomPermissions = org.UseCustomPermissions;
Issued = DateTime.UtcNow;
UsePasswordManager = org.UsePasswordManager;
UseSecretsManager = org.UseSecretsManager;
SmSeats = org.SmSeats;
SmServiceAccounts = org.SmServiceAccounts;
if (subscriptionInfo?.Subscription == null)
{
@ -125,6 +129,10 @@ public class OrganizationLicense : ILicense
public DateTime? Refresh { get; set; }
public DateTime? Expires { get; set; }
public DateTime? ExpirationWithoutGracePeriod { get; set; }
public bool UsePasswordManager { get; set; }
public bool UseSecretsManager { get; set; }
public int? SmSeats { get; set; }
public int? SmServiceAccounts { get; set; }
public bool Trial { get; set; }
public LicenseType? LicenseType { get; set; }
public string Hash { get; set; }
@ -137,10 +145,10 @@ public class OrganizationLicense : ILicense
/// </summary>
/// <remarks>Intentionally set one version behind to allow self hosted users some time to update before
/// getting out of date license errors</remarks>
private const int CURRENT_LICENSE_FILE_VERSION = 11;
private const int CURRENT_LICENSE_FILE_VERSION = 12;
private bool ValidLicenseVersion
{
get => Version is >= 1 and <= 12;
get => Version is >= 1 and <= 13;
}
public byte[] GetDataBytes(bool forHash = false)
@ -176,6 +184,8 @@ public class OrganizationLicense : ILicense
(Version >= 11 || !p.Name.Equals(nameof(UseCustomPermissions))) &&
// ExpirationWithoutGracePeriod was added in Version 12
(Version >= 12 || !p.Name.Equals(nameof(ExpirationWithoutGracePeriod))) &&
// UseSecretsManager was added in Version 13
(Version >= 13 || !p.Name.Equals(nameof(UseSecretsManager))) &&
(
!forHash ||
(
@ -315,6 +325,14 @@ public class OrganizationLicense : ILicense
valid = organization.UseCustomPermissions == UseCustomPermissions;
}
if (valid && Version >= 13)
{
valid = organization.UseSecretsManager == UseSecretsManager &&
organization.UsePasswordManager == UsePasswordManager &&
organization.SmSeats == SmSeats &&
organization.SmServiceAccounts == SmServiceAccounts;
}
return valid;
}
else
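Review bot: In the `GetDataBytes` property filter only `UseSecretsManager` is excluded for `Version < 13`, but this commit adds four public properties to the license. Unless `UsePasswordManager`, `SmSeats` and `SmServiceAccounts` are excluded elsewhere in the filter (it starts and ends outside the hunk), they will also be serialized into the data bytes of version 12 and older licenses. Those bytes feed the hash (per the `forHash` parameter) and presumably the signature check, so license files issued before these properties existed could stop verifying. I would gate the other three the same way, e.g. `(Version >= 13 || !p.Name.Equals(nameof(UsePasswordManager))) &&` and likewise for `SmSeats` and `SmServiceAccounts`, and add a test that a stored version-12 license still verifies.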


@ -573,7 +573,11 @@ public class OrganizationService : IOrganizationService
PrivateKey = privateKey,
CreationDate = DateTime.UtcNow,
RevisionDate = DateTime.UtcNow,
Status = OrganizationStatusType.Created
Status = OrganizationStatusType.Created,
UsePasswordManager = license.UsePasswordManager,
UseSecretsManager = license.UseSecretsManager,
SmSeats = license.SmSeats,
SmServiceAccounts = license.SmServiceAccounts
};
var result = await SignUpAsync(organization, owner.Id, ownerKey, collectionName, false);