-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[SM-716] Adding ability for service account to have write access #3021
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Overall, updates look good.
Looks like unit tests are throwing errors on build, and we will need to update the authorization unit tests with these changes.
There are a few small things to address within the code below.
...c/Commercial.Core/SecretsManager/AuthorizationHandlers/Secrets/SecretAuthorizationHandler.cs
Show resolved
Hide resolved
bitwarden_license/src/Commercial.Core/SecretsManager/Commands/Projects/CreateProjectCommand.cs
Outdated
Show resolved
Hide resolved
bitwarden_license/src/Commercial.Core/SecretsManager/Commands/Projects/CreateProjectCommand.cs
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks good.
Let's add to the unit tests for ProjectAuthorizationHandlerTests
with a new permission type PermissionType.RunAsServiceAccountWithPermission
so we have test coverage for these changes.
Great Idea Thomas! I added them :D |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
…ervice Account logic to tests inside of secretAuthorizationhandlerTests.
…_DoesNotSuceed because it is a supported client type now :)
...al.Core.Test/SecretsManager/AuthorizationHandlers/Secrets/SecretAuthorizationHandlerTests.cs
Show resolved
Hide resolved
...c/Commercial.Core/SecretsManager/AuthorizationHandlers/Secrets/SecretAuthorizationHandler.cs
Outdated
Show resolved
Hide resolved
...al.Core.Test/SecretsManager/AuthorizationHandlers/Secrets/SecretAuthorizationHandlerTests.cs
Outdated
Show resolved
Hide resolved
...al.Core.Test/SecretsManager/AuthorizationHandlers/Secrets/SecretAuthorizationHandlerTests.cs
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good, thank you!
Type of change
Objective
Service accounts need to be able to have write access to projects and secrets
Code changes
bitwarden_license/src/Commercial.Core/SecretsManager/AuthorizationHandlers/Projects/ProjectAuthorizationHandler.cs - allow service accounts
bitwarden_license/src/Commercial.Core/SecretsManager/AuthorizationHandlers/Secrets/SecretAuthorizationHandler.cs - remove code that disallows service accounts
bitwarden_license/src/Commercial.Core/SecretsManager/Commands/Projects/CreateProjectCommand.cs - bootstrapping service accounts to have access to projects they create
src/Api/SecretsManager/Controllers/ProjectsController.cs - pass to the function what type of user is logged in.
Before you submit
dotnet format --verify-no-changes
) (required)