bitwarden-server/test/Core.Test/SecretsManager/Models/ServiceAccountGrantedPoliciesTests.cs
Thomas Avery ebd88393c8
[SM-910] Add service account granted policies management endpoints (#3736)
* Add the ability to get multi projects access

* Add access policy helper + tests

* Add new data/request models

* Add access policy operations to repo

* Add authz handler for new operations

* Add new controller endpoints

* add updating service account revision
2024-05-01 11:47:11 -05:00


#nullable enable
using Bit.Core.SecretsManager.Entities;
using Bit.Core.SecretsManager.Enums.AccessPolicies;
using Bit.Core.SecretsManager.Models.Data;
using Xunit;
namespace Bit.Core.Test.SecretsManager.Models;
/// <summary>
/// Tests for <c>ServiceAccountGrantedPolicies.GetPolicyUpdates</c>, which compares the
/// project policies held by one instance against a requested set and reports the
/// difference as a list of updates tagged with an <see cref="AccessPolicyOperation"/>.
/// </summary>
public class ServiceAccountGrantedPoliciesTests
{
    /// <summary>
    /// Comparing a policy set against itself must report no project policy updates.
    /// </summary>
    [Fact]
    public void GetPolicyUpdates_NoChanges_ReturnsEmptyLists()
    {
        var firstProject = Guid.NewGuid();
        var secondProject = Guid.NewGuid();

        var current = BuildGrantedPolicies(
            BuildPolicy(firstProject, read: true, write: true),
            BuildPolicy(secondProject, read: false, write: true));

        // The same instance is used as both the baseline and the request.
        var updates = current.GetPolicyUpdates(current);

        Assert.Empty(updates.ProjectGrantedPolicyUpdates);
    }

    /// <summary>
    /// A request that changes one policy, adds one, drops one and leaves one untouched
    /// must be reported as Update, Create, Delete and nothing, respectively.
    /// </summary>
    [Fact]
    public void GetPolicyUpdates_ReturnsCorrectPolicyChanges()
    {
        var changedProject = Guid.NewGuid();    // present on both sides, Write flipped to false
        var addedProject = Guid.NewGuid();      // only in the requested set
        var untouchedProject = Guid.NewGuid();  // identical on both sides
        var removedProject = Guid.NewGuid();    // only in the existing set

        var current = BuildGrantedPolicies(
            BuildPolicy(changedProject, read: true, write: true),
            BuildPolicy(untouchedProject, read: true, write: true),
            BuildPolicy(removedProject, read: true, write: true));

        var wanted = BuildGrantedPolicies(
            BuildPolicy(changedProject, read: true, write: false),
            BuildPolicy(addedProject, read: false, write: true),
            BuildPolicy(untouchedProject, read: true, write: true));

        var updates = current.GetPolicyUpdates(wanted);

        // Project ids of the reported updates that carry the given operation.
        IEnumerable<Guid> ProjectIdsFor(AccessPolicyOperation operation) =>
            updates.ProjectGrantedPolicyUpdates
                .Where(update => update.Operation == operation)
                .Select(update => update.AccessPolicy.GrantedProjectId!.Value);

        // NOTE(review): these checks assert membership only. They do not pin the number
        // of updates returned, nor the Read/Write values carried by the Update entry
        // (here a Write downgrade). Presumably this result feeds the permission changes
        // that get persisted; if so, asserting both would catch a duplicated or
        // wrongly-populated update. Confirm against GetPolicyUpdates before adding them.
        Assert.Contains(addedProject, ProjectIdsFor(AccessPolicyOperation.Create));
        Assert.Contains(removedProject, ProjectIdsFor(AccessPolicyOperation.Delete));
        Assert.Contains(changedProject, ProjectIdsFor(AccessPolicyOperation.Update));

        // An unchanged policy must not appear under any operation.
        var everyReportedProjectId = updates.ProjectGrantedPolicyUpdates
            .Select(update => update.AccessPolicy.GrantedProjectId!.Value);
        Assert.DoesNotContain(untouchedProject, everyReportedProjectId);
    }

    /// <summary>Builds a project access policy with the given project id and flags.</summary>
    private static ServiceAccountProjectAccessPolicy BuildPolicy(Guid projectId, bool read, bool write) =>
        new() { GrantedProjectId = projectId, Read = read, Write = write };

    /// <summary>Wraps the given policies, in order, in a granted-policies model.</summary>
    private static ServiceAccountGrantedPolicies BuildGrantedPolicies(
        params ServiceAccountProjectAccessPolicy[] policies) =>
        new() { ProjectGrantedPolicies = new List<ServiceAccountProjectAccessPolicy>(policies) };
}