diff --git a/src/Core/Context/CurrentContextOrganization.cs b/src/Core/Context/CurrentContextOrganization.cs
index cf2c8b40c..fbef49c5a 100644
--- a/src/Core/Context/CurrentContextOrganization.cs
+++ b/src/Core/Context/CurrentContextOrganization.cs
@@ -14,7 +14,7 @@ public class CurrentContextOrganization
 Id = orgUser.OrganizationId;
 Type = orgUser.Type;
 Permissions = CoreHelpers.LoadClassFromJsonData(orgUser.Permissions);
- AccessSecretsManager = orgUser.AccessSecretsManager && orgUser.UseSecretsManager;
+ AccessSecretsManager = orgUser.AccessSecretsManager && orgUser.UseSecretsManager && orgUser.Enabled;
 }
 public Guid Id { get; set; }
diff --git a/src/Identity/IdentityServer/ClientStore.cs b/src/Identity/IdentityServer/ClientStore.cs
index e2fd33c9d..f857e7225 100644
--- a/src/Identity/IdentityServer/ClientStore.cs
+++ b/src/Identity/IdentityServer/ClientStore.cs
@@ -100,7 +100,7 @@ public class ClientStore : IClientStore
 {
 case ServiceAccountApiKeyDetails key:
 var org = await _organizationRepository.GetByIdAsync(key.ServiceAccountOrganizationId);
- if (!org.UseSecretsManager)
+ if (!org.UseSecretsManager || !org.Enabled)
 {
 return null;
 }
diff --git a/test/Api.IntegrationTest/SecretsManager/Controllers/AccessPoliciesControllerTests.cs b/test/Api.IntegrationTest/SecretsManager/Controllers/AccessPoliciesControllerTests.cs
index 171dad4a8..006bcc2c2 100644
--- a/test/Api.IntegrationTest/SecretsManager/Controllers/AccessPoliciesControllerTests.cs
+++ b/test/Api.IntegrationTest/SecretsManager/Controllers/AccessPoliciesControllerTests.cs
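Review bot: The added `&& orgUser.Enabled` term in CurrentContextOrganization.cs makes `AccessSecretsManager` a composite of three conditions, but nothing at the assignment says so, and a caller reading the property name alone may assume it mirrors the per-user grant. I would put a comment above the line: `// True only when the user has the SM grant, the organization has SM, and the organization is enabled.` Because the value is fixed when this object is constructed, disabling an organization presumably takes effect only once the context is rebuilt; that is worth confirming against wherever these objects are cached. The constructor starts outside the hunk.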
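Review bot: In the `ServiceAccountApiKeyDetails` case of ClientStore.cs, `org` is dereferenced without a null check, so if `GetByIdAsync` returns null for an organization that no longer exists (not visible here, but usual for a by-id lookup) the client lookup throws instead of rejecting the client. The guard can fold that in: `if (org == null || !org.UseSecretsManager || !org.Enabled)`. This check runs when the client is resolved, so a token issued to a service account before its organization was disabled is presumably unaffected until it expires; it should be confirmed that the API-side check covers that window. The enclosing method starts and ends outside the hunk.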
@@ -56,12 +56,16 @@ public class AccessPoliciesControllerTests : IClassFixture, IAs } [Theory] - [InlineData(false, false)] - [InlineData(true, false)] - [InlineData(false, true)] - public async Task ListByOrganization_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) + [InlineData(false, false, false)] + [InlineData(false, false, true)] + [InlineData(false, true, false)] + [InlineData(false, true, true)] + [InlineData(true, false, false)] + [InlineData(true, false, true)] + [InlineData(true, true, false)] + public async Task ListByOrganization_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled) { - var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets); + var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled); await LoginAsync(_email); var response = await _client.GetAsync($"/organizations/{org.Id}/projects"); @@ -71,7 +75,7 @@ public class ProjectsControllerTests : IClassFixture, IAs [Fact] public async Task ListByOrganization_UserWithoutPermission_EmptyList() { - var (org, _) = await _organizationHelper.Initialize(true, true); + var (org, _) = await _organizationHelper.Initialize(true, true, true); var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); await LoginAsync(email); 
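Review bot: The seven-row `[InlineData]` table added to `ListByOrganization_SmAccessDenied_NotFound` is repeated verbatim in every other `*_SmAccessDenied_NotFound` theory this commit touches (Create, Update, Get, Delete, and the same tests in the secrets, trash and remaining controller test classes). The table is every combination except `(true, true, true)`, so if a fourth condition is ever added to the access check, each copy has to be extended by hand and a missed copy silently loses denial coverage. A single shared source would keep them in step, for example `[MemberData(nameof(AccessDeniedCases), MemberType = typeof(SecretsManagerOrganizationHelper))]`, where `AccessDeniedCases` is a name proposed here, with a comment on it: `// every combination except (true, true, true), the only one that grants access`.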
@@ -102,12 +106,16 @@ public class ProjectsControllerTests : IClassFixture, IAs } [Theory] - [InlineData(false, false)] - [InlineData(true, false)] - [InlineData(false, true)] - public async Task Create_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) + [InlineData(false, false, false)] + [InlineData(false, false, true)] + [InlineData(false, true, false)] + [InlineData(false, true, true)] + [InlineData(true, false, false)] + [InlineData(true, false, true)] + [InlineData(true, true, false)] + public async Task Create_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled) { - var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets); + var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled); await LoginAsync(_email); var request = new ProjectCreateRequestModel { Name = _mockEncryptedString }; @@ -134,7 +142,7 @@ public class ProjectsControllerTests : IClassFixture, IAs [InlineData(PermissionType.RunAsUserWithPermission)] public async Task Create_Success(PermissionType permissionType) { - var (org, adminOrgUser) = await _organizationHelper.Initialize(true, true); + var (org, adminOrgUser) = await _organizationHelper.Initialize(true, true, true); await LoginAsync(_email); var orgUserId = adminOrgUser.Id; var currentUserId = adminOrgUser.UserId!.Value; 
@@ -178,12 +186,16 @@ public class ProjectsControllerTests : IClassFixture, IAs } [Theory] - [InlineData(false, false)] - [InlineData(true, false)] - [InlineData(false, true)] - public async Task Update_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) + [InlineData(false, false, false)] + [InlineData(false, false, true)] + [InlineData(false, true, false)] + [InlineData(false, true, true)] + [InlineData(true, false, false)] + [InlineData(true, false, true)] + [InlineData(true, true, false)] + public async Task Update_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled) { - var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets); + var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled); await LoginAsync(_email); var initialProject = await _projectRepository.CreateAsync(new Project @@ -231,7 +243,7 @@ public class ProjectsControllerTests : IClassFixture, IAs [Fact] public async Task Update_NonExistingProject_NotFound() { - await _organizationHelper.Initialize(true, true); + await _organizationHelper.Initialize(true, true, true); await LoginAsync(_email); var request = new ProjectUpdateRequestModel @@ -248,7 +260,7 @@ public class ProjectsControllerTests : IClassFixture, IAs [Fact] public async Task Update_MissingAccessPolicy_NotFound() { - var (org, _) = await _organizationHelper.Initialize(true, true); + var (org, _) = await _organizationHelper.Initialize(true, true, true); var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); await LoginAsync(email); 
@@ -270,12 +282,16 @@ public class ProjectsControllerTests : IClassFixture, IAs } [Theory] - [InlineData(false, false)] - [InlineData(true, false)] - [InlineData(false, true)] - public async Task Get_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) + [InlineData(false, false, false)] + [InlineData(false, false, true)] + [InlineData(false, true, false)] + [InlineData(false, true, true)] + [InlineData(true, false, false)] + [InlineData(true, false, true)] + [InlineData(true, true, false)] + public async Task Get_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled) { - var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets); + var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled); await LoginAsync(_email); var project = await _projectRepository.CreateAsync(new Project @@ -295,7 +311,7 @@ public class ProjectsControllerTests : IClassFixture, IAs [Fact] public async Task Get_MissingAccessPolicy_NotFound() { - var (org, _) = await _organizationHelper.Initialize(true, true); + var (org, _) = await _organizationHelper.Initialize(true, true, true); var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); await LoginAsync(email); @@ -312,7 +328,7 @@ public class ProjectsControllerTests : IClassFixture, IAs [Fact] public async Task Get_NonExistingProject_NotFound() { - var (org, _) = await _organizationHelper.Initialize(true, true); + var (org, _) = await _organizationHelper.Initialize(true, true, true); var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); await LoginAsync(email); 
@@ -346,12 +362,16 @@ public class ProjectsControllerTests : IClassFixture, IAs } [Theory] - [InlineData(false, false)] - [InlineData(true, false)] - [InlineData(false, true)] - public async Task Delete_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) + [InlineData(false, false, false)] + [InlineData(false, false, true)] + [InlineData(false, true, false)] + [InlineData(false, true, true)] + [InlineData(true, false, false)] + [InlineData(true, false, true)] + [InlineData(true, true, false)] + public async Task Delete_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled) { - var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets); + var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled); await LoginAsync(_email); var projectIds = await CreateProjectsAsync(org.Id); @@ -363,7 +383,7 @@ public class ProjectsControllerTests : IClassFixture, IAs [Fact] public async Task Delete_MissingAccessPolicy_AccessDenied() { - var (org, _) = await _organizationHelper.Initialize(true, true); + var (org, _) = await _organizationHelper.Initialize(true, true, true); var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); await LoginAsync(email); @@ -417,7 +437,7 @@ public class ProjectsControllerTests : IClassFixture, IAs private async Task<(List, Organization)> SetupProjectsWithAccessAsync(PermissionType permissionType, int projectsToCreate = 3) { - var (org, _) = await _organizationHelper.Initialize(true, true); + var (org, _) = await _organizationHelper.Initialize(true, true, true); await LoginAsync(_email); var projectIds = await CreateProjectsAsync(org.Id, projectsToCreate); 
@@ -446,7 +466,7 @@ public class ProjectsControllerTests : IClassFixture, IAs private async Task SetupProjectWithAccessAsync(PermissionType permissionType) { - var (org, _) = await _organizationHelper.Initialize(true, true); + var (org, _) = await _organizationHelper.Initialize(true, true, true); await LoginAsync(_email); var initialProject = await _projectRepository.CreateAsync(new Project diff --git a/test/Api.IntegrationTest/SecretsManager/Controllers/SecretsControllerTests.cs b/test/Api.IntegrationTest/SecretsManager/Controllers/SecretsControllerTests.cs index 0d937d343..8cea05c5c 100644 --- a/test/Api.IntegrationTest/SecretsManager/Controllers/SecretsControllerTests.cs +++ b/test/Api.IntegrationTest/SecretsManager/Controllers/SecretsControllerTests.cs @@ -56,12 +56,16 @@ public class SecretsControllerTests : IClassFixture, IAsy } [Theory] - [InlineData(false, false)] - [InlineData(true, false)] - [InlineData(false, true)] - public async Task ListByOrganization_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) + [InlineData(false, false, false)] + [InlineData(false, false, true)] + [InlineData(false, true, false)] + [InlineData(false, true, true)] + [InlineData(true, false, false)] + [InlineData(true, false, true)] + [InlineData(true, true, false)] + public async Task ListByOrganization_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled) { - var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets); + var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled); await LoginAsync(_email); var response = await _client.GetAsync($"/organizations/{org.Id}/secrets"); 
@@ -73,7 +77,7 @@ public class SecretsControllerTests : IClassFixture, IAsy [InlineData(PermissionType.RunAsUserWithPermission)] public async Task ListByOrganization_Success(PermissionType permissionType) { - var (org, orgUserOwner) = await _organizationHelper.Initialize(true, true); + var (org, orgUserOwner) = await _organizationHelper.Initialize(true, true, true); await LoginAsync(_email); var project = await _projectRepository.CreateAsync(new Project @@ -123,12 +127,16 @@ public class SecretsControllerTests : IClassFixture, IAsy } [Theory] - [InlineData(false, false)] - [InlineData(true, false)] - [InlineData(false, true)] - public async Task Create_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) + [InlineData(false, false, false)] + [InlineData(false, false, true)] + [InlineData(false, true, false)] + [InlineData(false, true, true)] + [InlineData(true, false, false)] + [InlineData(true, false, true)] + [InlineData(true, true, false)] + public async Task Create_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled) { - var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets); + var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled); await LoginAsync(_email); var request = new SecretCreateRequestModel @@ -145,7 +153,7 @@ public class SecretsControllerTests : IClassFixture, IAsy [Fact] public async Task CreateWithoutProject_RunAsAdmin_Success() { - var (org, _) = await _organizationHelper.Initialize(true, true); + var (org, _) = await _organizationHelper.Initialize(true, true, true); await LoginAsync(_email); var request = new SecretCreateRequestModel 
@@ -179,7 +187,7 @@ public class SecretsControllerTests : IClassFixture, IAsy [Fact] public async Task CreateWithDifferentProjectOrgId_RunAsAdmin_NotFound() { - var (org, _) = await _organizationHelper.Initialize(true, true); + var (org, _) = await _organizationHelper.Initialize(true, true, true); await LoginAsync(_email); var project = await _projectRepository.CreateAsync(new Project { Name = "123" }); @@ -199,7 +207,7 @@ public class SecretsControllerTests : IClassFixture, IAsy [Fact] public async Task CreateWithMultipleProjects_RunAsAdmin_BadRequest() { - var (org, _) = await _organizationHelper.Initialize(true, true); + var (org, _) = await _organizationHelper.Initialize(true, true, true); await LoginAsync(_email); var projectA = await _projectRepository.CreateAsync(new Project { OrganizationId = org.Id, Name = "123A" }); @@ -220,7 +228,7 @@ public class SecretsControllerTests : IClassFixture, IAsy [Fact] public async Task CreateWithoutProject_RunAsUser_NotFound() { - var (org, _) = await _organizationHelper.Initialize(true, true); + var (org, _) = await _organizationHelper.Initialize(true, true, true); var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); await LoginAsync(email); @@ -240,7 +248,7 @@ public class SecretsControllerTests : IClassFixture, IAsy [InlineData(PermissionType.RunAsUserWithPermission)] public async Task CreateWithProject_Success(PermissionType permissionType) { - var (org, orgAdminUser) = await _organizationHelper.Initialize(true, true); + var (org, orgAdminUser) = await _organizationHelper.Initialize(true, true, true); await LoginAsync(_email); AccessClientType accessType = AccessClientType.NoAccessCheck; 
@@ -296,12 +304,16 @@ public class SecretsControllerTests : IClassFixture, IAsy } [Theory] - [InlineData(false, false)] - [InlineData(true, false)] - [InlineData(false, true)] - public async Task Get_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) + [InlineData(false, false, false)] + [InlineData(false, false, true)] + [InlineData(false, true, false)] + [InlineData(false, true, true)] + [InlineData(true, false, false)] + [InlineData(true, false, true)] + [InlineData(true, true, false)] + public async Task Get_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled) { - var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets); + var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled); await LoginAsync(_email); var secret = await _secretRepository.CreateAsync(new Secret @@ -321,7 +333,7 @@ public class SecretsControllerTests : IClassFixture, IAsy [InlineData(PermissionType.RunAsUserWithPermission)] public async Task Get_Success(PermissionType permissionType) { - var (org, _) = await _organizationHelper.Initialize(true, true); + var (org, _) = await _organizationHelper.Initialize(true, true, true); await LoginAsync(_email); var project = await _projectRepository.CreateAsync(new Project() 
@@ -371,12 +383,16 @@ public class SecretsControllerTests : IClassFixture, IAsy } [Theory] - [InlineData(false, false)] - [InlineData(true, false)] - [InlineData(false, true)] - public async Task GetSecretsByProject_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) + [InlineData(false, false, false)] + [InlineData(false, false, true)] + [InlineData(false, true, false)] + [InlineData(false, true, true)] + [InlineData(true, false, false)] + [InlineData(true, false, true)] + [InlineData(true, true, false)] + public async Task GetSecretsByProject_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled) { - var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets); + var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled); await LoginAsync(_email); var project = await _projectRepository.CreateAsync(new Project @@ -392,7 +408,7 @@ public class SecretsControllerTests : IClassFixture, IAsy [Fact] public async Task GetSecretsByProject_UserWithNoPermission_EmptyList() { - var (org, _) = await _organizationHelper.Initialize(true, true); + var (org, _) = await _organizationHelper.Initialize(true, true, true); var (email, orgUser) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); await LoginAsync(email); @@ -425,7 +441,7 @@ public class SecretsControllerTests : IClassFixture, IAsy [InlineData(PermissionType.RunAsUserWithPermission)] public async Task GetSecretsByProject_Success(PermissionType permissionType) { - var (org, _) = await _organizationHelper.Initialize(true, true); + var (org, _) = await _organizationHelper.Initialize(true, true, true); await LoginAsync(_email); var project = await _projectRepository.CreateAsync(new Project() 
@@ -473,12 +489,16 @@ public class SecretsControllerTests : IClassFixture, IAsy } [Theory] - [InlineData(false, false)] - [InlineData(true, false)] - [InlineData(false, true)] - public async Task Update_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) + [InlineData(false, false, false)] + [InlineData(false, false, true)] + [InlineData(false, true, false)] + [InlineData(false, true, true)] + [InlineData(true, false, false)] + [InlineData(true, false, true)] + [InlineData(true, true, false)] + public async Task Update_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled) { - var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets); + var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled); await LoginAsync(_email); var secret = await _secretRepository.CreateAsync(new Secret @@ -505,7 +525,7 @@ public class SecretsControllerTests : IClassFixture, IAsy [InlineData(PermissionType.RunAsUserWithPermission)] public async Task Update_Success(PermissionType permissionType) { - var (org, _) = await _organizationHelper.Initialize(true, true); + var (org, _) = await _organizationHelper.Initialize(true, true, true); await LoginAsync(_email); var project = await _projectRepository.CreateAsync(new Project() @@ -572,7 +592,7 @@ public class SecretsControllerTests : IClassFixture, IAsy [Fact] public async Task UpdateWithDifferentProjectOrgId_RunAsAdmin_NotFound() { - var (org, _) = await _organizationHelper.Initialize(true, true); + var (org, _) = await _organizationHelper.Initialize(true, true, true); await LoginAsync(_email); var project = await _projectRepository.CreateAsync(new Project { Name = "123" }); 
@@ -600,7 +620,7 @@ public class SecretsControllerTests : IClassFixture, IAsy [Fact] public async Task UpdateWithMultipleProjects_BadRequest() { - var (org, _) = await _organizationHelper.Initialize(true, true); + var (org, _) = await _organizationHelper.Initialize(true, true, true); await LoginAsync(_email); var projectA = await _projectRepository.CreateAsync(new Project { OrganizationId = org.Id, Name = "123A" }); @@ -627,12 +647,16 @@ public class SecretsControllerTests : IClassFixture, IAsy } [Theory] - [InlineData(false, false)] - [InlineData(true, false)] - [InlineData(false, true)] - public async Task Delete_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) + [InlineData(false, false, false)] + [InlineData(false, false, true)] + [InlineData(false, true, false)] + [InlineData(false, true, true)] + [InlineData(true, false, false)] + [InlineData(true, false, true)] + [InlineData(true, true, false)] + public async Task Delete_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled) { - var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets); + var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled); await LoginAsync(_email); var secret = await _secretRepository.CreateAsync(new Secret @@ -651,7 +675,7 @@ public class SecretsControllerTests : IClassFixture, IAsy [Fact] public async Task Delete_MissingAccessPolicy_AccessDenied() { - var (org, _) = await _organizationHelper.Initialize(true, true); + var (org, _) = await _organizationHelper.Initialize(true, true, true); var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); await LoginAsync(email); 
@@ -671,7 +695,7 @@ public class SecretsControllerTests : IClassFixture, IAsy [InlineData(PermissionType.RunAsUserWithPermission)] public async Task Delete_Success(PermissionType permissionType) { - var (org, _) = await _organizationHelper.Initialize(true, true); + var (org, _) = await _organizationHelper.Initialize(true, true, true); await LoginAsync(_email); var (project, secretIds) = await CreateSecretsAsync(org.Id, 3); @@ -710,12 +734,16 @@ public class SecretsControllerTests : IClassFixture, IAsy } [Theory] - [InlineData(false, false)] - [InlineData(true, false)] - [InlineData(false, true)] - public async Task GetSecretsByIds_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) + [InlineData(false, false, false)] + [InlineData(false, false, true)] + [InlineData(false, true, false)] + [InlineData(false, true, true)] + [InlineData(true, false, false)] + [InlineData(true, false, true)] + [InlineData(true, true, false)] + public async Task GetSecretsByIds_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled) { - var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets); + var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled); await LoginAsync(_email); var secret = await _secretRepository.CreateAsync(new Secret @@ -737,7 +765,7 @@ public class SecretsControllerTests : IClassFixture, IAsy [InlineData(PermissionType.RunAsUserWithPermission)] public async Task GetSecretsByIds_Success(PermissionType permissionType) { - var (org, _) = await _organizationHelper.Initialize(true, true); + var (org, _) = await _organizationHelper.Initialize(true, true, true); await LoginAsync(_email); var (project, secretIds) = await CreateSecretsAsync(org.Id); 
diff --git a/test/Api.IntegrationTest/SecretsManager/Controllers/SecretsManagerPortingControllerTests.cs b/test/Api.IntegrationTest/SecretsManager/Controllers/SecretsManagerPortingControllerTests.cs index 62d555409..c57ceb20d 100644 --- a/test/Api.IntegrationTest/SecretsManager/Controllers/SecretsManagerPortingControllerTests.cs +++ b/test/Api.IntegrationTest/SecretsManager/Controllers/SecretsManagerPortingControllerTests.cs @@ -45,12 +45,16 @@ public class SecretsManagerPortingControllerTests : IClassFixture(); @@ -62,12 +66,16 @@ public class SecretsManagerPortingControllerTests : IClassFixture, } [Theory] - [InlineData(false, false)] - [InlineData(true, false)] - [InlineData(false, true)] - public async Task ListByOrganization_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) + [InlineData(false, false, false)] + [InlineData(false, false, true)] + [InlineData(false, true, false)] + [InlineData(false, true, true)] + [InlineData(true, false, false)] + [InlineData(true, false, true)] + [InlineData(true, true, false)] + public async Task ListByOrganization_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled) { - var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets); + var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled); await LoginAsync(_email); var response = await _client.GetAsync($"/secrets/{org.Id}/trash"); @@ -63,7 +67,7 @@ public class SecretsTrashControllerTests : IClassFixture, [Fact] public async Task ListByOrganization_NotAdmin_Unauthorized() { - var (org, _) = await _organizationHelper.Initialize(true, true); + var (org, _) = await _organizationHelper.Initialize(true, true, true); var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); await LoginAsync(email); 
@@ -74,7 +78,7 @@ public class SecretsTrashControllerTests : IClassFixture, [Fact] public async Task ListByOrganization_Success() { - var (org, _) = await _organizationHelper.Initialize(true, true); + var (org, _) = await _organizationHelper.Initialize(true, true, true); await LoginAsync(_email); await _secretRepository.CreateAsync(new Secret @@ -100,12 +104,16 @@ public class SecretsTrashControllerTests : IClassFixture, } [Theory] - [InlineData(false, false)] - [InlineData(true, false)] - [InlineData(false, true)] - public async Task Empty_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) + [InlineData(false, false, false)] + [InlineData(false, false, true)] + [InlineData(false, true, false)] + [InlineData(false, true, true)] + [InlineData(true, false, false)] + [InlineData(true, false, true)] + [InlineData(true, true, false)] + public async Task Empty_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled) { - var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets); + var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled); await LoginAsync(_email); var ids = new List { Guid.NewGuid() }; @@ -116,7 +124,7 @@ public class SecretsTrashControllerTests : IClassFixture, [Fact] public async Task Empty_NotAdmin_Unauthorized() { - var (org, _) = await _organizationHelper.Initialize(true, true); + var (org, _) = await _organizationHelper.Initialize(true, true, true); var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); await LoginAsync(email); @@ -128,7 +136,7 @@ public class SecretsTrashControllerTests : IClassFixture, [Fact] public async Task Empty_Invalid_NotFound() { - var (org, _) = await _organizationHelper.Initialize(true, true); + var (org, _) = await _organizationHelper.Initialize(true, true, true); await LoginAsync(_email); var secret = await _secretRepository.CreateAsync(new Secret 
@@ -146,7 +154,7 @@ public class SecretsTrashControllerTests : IClassFixture, [Fact] public async Task Empty_Success() { - var (org, _) = await _organizationHelper.Initialize(true, true); + var (org, _) = await _organizationHelper.Initialize(true, true, true); await LoginAsync(_email); var secret = await _secretRepository.CreateAsync(new Secret @@ -163,12 +171,16 @@ public class SecretsTrashControllerTests : IClassFixture, } [Theory] - [InlineData(false, false)] - [InlineData(true, false)] - [InlineData(false, true)] - public async Task Restore_SmNotEnabled_NotFound(bool useSecrets, bool accessSecrets) + [InlineData(false, false, false)] + [InlineData(false, false, true)] + [InlineData(false, true, false)] + [InlineData(false, true, true)] + [InlineData(true, false, false)] + [InlineData(true, false, true)] + [InlineData(true, true, false)] + public async Task Restore_SmAccessDenied_NotFound(bool useSecrets, bool accessSecrets, bool organizationEnabled) { - var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets); + var (org, _) = await _organizationHelper.Initialize(useSecrets, accessSecrets, organizationEnabled); await LoginAsync(_email); var ids = new List { Guid.NewGuid() }; @@ -179,7 +191,7 @@ public class SecretsTrashControllerTests : IClassFixture, [Fact] public async Task Restore_NotAdmin_Unauthorized() { - var (org, _) = await _organizationHelper.Initialize(true, true); + var (org, _) = await _organizationHelper.Initialize(true, true, true); var (email, _) = await _organizationHelper.CreateNewUser(OrganizationUserType.User, true); await LoginAsync(email); @@ -191,7 +203,7 @@ public class SecretsTrashControllerTests : IClassFixture, [Fact] public async Task Restore_Invalid_NotFound() { - var (org, _) = await _organizationHelper.Initialize(true, true); + var (org, _) = await _organizationHelper.Initialize(true, true, true); await LoginAsync(_email); var secret = await _secretRepository.CreateAsync(new Secret 
@@ -209,7 +221,7 @@ public class SecretsTrashControllerTests : IClassFixture, [Fact] public async Task Restore_Success() { - var (org, _) = await _organizationHelper.Initialize(true, true); + var (org, _) = await _organizationHelper.Initialize(true, true, true); await LoginAsync(_email); var secret = await _secretRepository.CreateAsync(new Secret diff --git a/test/Api.IntegrationTest/SecretsManager/Controllers/ServiceAccountsControllerTests.cs b/test/Api.IntegrationTest/SecretsManager/Controllers/ServiceAccountsControllerTests.cs index 814778d1b..8150dced5 100644 --- a/test/Api.IntegrationTest/SecretsManager/Controllers/ServiceAccountsControllerTests.cs +++ b/test/Api.IntegrationTest/SecretsManager/Controllers/ServiceAccountsControllerTests.cs @@ -61,12 +61,16 @@ public class ServiceAccountsControllerTests : IClassFixture SetupServiceAccountWithAccessAsync(PermissionType permissionType) { - var (org, _) = await _organizationHelper.Initialize(true, true); + var (org, _) = await _organizationHelper.Initialize(true, true, true); await LoginAsync(_email); var initialServiceAccount = await _serviceAccountRepository.CreateAsync(new ServiceAccount diff --git a/test/Api.IntegrationTest/SecretsManager/SecretsManagerOrganizationHelper.cs b/test/Api.IntegrationTest/SecretsManager/SecretsManagerOrganizationHelper.cs index 7e86386d2..6430f7199 100644 --- a/test/Api.IntegrationTest/SecretsManager/SecretsManagerOrganizationHelper.cs +++ b/test/Api.IntegrationTest/SecretsManager/SecretsManagerOrganizationHelper.cs 
@@ -25,13 +25,22 @@ public class SecretsManagerOrganizationHelper _ownerEmail = ownerEmail; } - public async Task<(Organization organization, OrganizationUser owner)> Initialize(bool useSecrets, bool ownerAccessSecrets) + public async Task<(Organization organization, OrganizationUser owner)> Initialize(bool useSecrets, bool ownerAccessSecrets, bool organizationEnabled) { (_organization, _owner) = await OrganizationTestHelpers.SignUpAsync(_factory, ownerEmail: _ownerEmail, billingEmail: _ownerEmail); - if (useSecrets) + if (useSecrets || !organizationEnabled) { - _organization.UseSecretsManager = true; + if (useSecrets) + { + _organization.UseSecretsManager = true; + } + + if (!organizationEnabled) + { + _organization.Enabled = false; + } + await _organizationRepository.ReplaceAsync(_organization); } diff --git a/test/Api.Test/SecretsManager/Controllers/ProjectsControllerTests.cs b/test/Api.Test/SecretsManager/Controllers/ProjectsControllerTests.cs index 27aa7ea71..aba196ecf 100644 --- a/test/Api.Test/SecretsManager/Controllers/ProjectsControllerTests.cs +++ b/test/Api.Test/SecretsManager/Controllers/ProjectsControllerTests.cs @@ -44,7 +44,7 @@ public class ProjectsControllerTests [Theory] [BitAutoData] - public async void ListByOrganization_SmNotEnabled_Throws(SutProvider sutProvider, Guid data) + public async void ListByOrganization_SmAccessDenied_Throws(SutProvider sutProvider, Guid data) { sutProvider.GetDependency().AccessSecretsManager(data).Returns(false); @@ -205,7 +205,7 @@ public class ProjectsControllerTests [Theory] [BitAutoData] - public async void Get_SmNotEnabled_Throws(SutProvider sutProvider, Guid data, Guid orgId) + public async void Get_SmAccessDenied_Throws(SutProvider sutProvider, Guid data, Guid orgId) { SetupAdmin(sutProvider, orgId); sutProvider.GetDependency().AccessSecretsManager(orgId).Returns(false);
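Review bot: `Initialize` in SecretsManagerOrganizationHelper.cs now takes three positional booleans, and almost every call site in this commit becomes `Initialize(true, true, true)`, which hides which flag a given test is exercising. Giving the new parameter a default, `bool organizationEnabled = true`, would leave the unaffected tests unchanged and keep the disabled-organization cases explicit; failing that, named arguments at the call sites (`organizationEnabled: false`) would read better. The method also has no doc comment; a `<summary>` saying that it signs up a fresh organization and then applies the `UseSecretsManager` and `Enabled` flags before saving would help. The method body continues outside the hunk.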