Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[SM-716] Adding ability for service account to have write access #3021

Merged
merged 20 commits into from
Jun 30, 2023
Merged

[SM-716] Adding ability for service account to have write access #3021

merged 20 commits into from
Jun 30, 2023

Conversation

cd-bitwarden
Copy link
Contributor

Type of change

- [ ] Bug fix
- [ x ] New feature development
- [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [ ] Other

Objective

Service accounts need to be able to have write access to projects and secrets

Code changes

bitwarden_license/src/Commercial.Core/SecretsManager/AuthorizationHandlers/Projects/ProjectAuthorizationHandler.cs - allow service accounts

bitwarden_license/src/Commercial.Core/SecretsManager/AuthorizationHandlers/Secrets/SecretAuthorizationHandler.cs - remove code that disallows service accounts

bitwarden_license/src/Commercial.Core/SecretsManager/Commands/Projects/CreateProjectCommand.cs - bootstrapping service accounts to have access to projects they create

src/Api/SecretsManager/Controllers/ProjectsController.cs - pass to the function what type of user is logged in.

Before you submit

  • Please check for formatting errors (dotnet format --verify-no-changes) (required)
  • If making database changes - make sure you also update Entity Framework queries and/or migrations
  • Please add unit tests where it makes sense to do so (encouraged but not required)
  • If this change requires a documentation update - notify the documentation team
  • If this change has particular deployment requirements - notify the DevOps team

@cd-bitwarden cd-bitwarden requested a review from a team as a code owner June 15, 2023 18:48
@cd-bitwarden cd-bitwarden changed the title Adding ability for service account to have write access [SM-716] Adding ability for service account to have write access Jun 15, 2023
Thomas-Avery
Thomas-Avery requested changes Jun 15, 2023
View reviewed changes
Copy link
Contributor

@Thomas-Avery Thomas-Avery left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall, updates look good.

Looks like unit tests are throwing errors on build, and we will need to update the authorization unit tests with these changes.

There are a few small things to address within the code below.

...c/Commercial.Core/SecretsManager/AuthorizationHandlers/Secrets/SecretAuthorizationHandler.cs Show resolved Hide resolved
bitwarden_license/src/Commercial.Core/SecretsManager/Commands/Projects/CreateProjectCommand.cs Outdated Show resolved Hide resolved
bitwarden_license/src/Commercial.Core/SecretsManager/Commands/Projects/CreateProjectCommand.cs Outdated Show resolved Hide resolved
Thomas-Avery
Thomas-Avery requested changes Jun 16, 2023
View reviewed changes
Copy link
Contributor

@Thomas-Avery Thomas-Avery left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good.

Let's add to the unit tests for ProjectAuthorizationHandlerTestswith a new permission type PermissionType.RunAsServiceAccountWithPermission so we have test coverage for these changes.

@cd-bitwarden
Copy link
Contributor Author

This looks good.

Let's add to the unit tests for ProjectAuthorizationHandlerTestswith a new permission type PermissionType.RunAsServiceAccountWithPermission so we have test coverage for these changes.

Great Idea Thomas! I added them :D

Thomas-Avery
Thomas-Avery previously approved these changes Jun 16, 2023
View reviewed changes
Copy link
Contributor

@Thomas-Avery Thomas-Avery left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@cd-bitwarden
Removing logic that prevents deleting and updating a secret. Adding S…
a849768 
…ervice Account logic to tests inside of secretAuthorizationhandlerTests.
@cd-bitwarden
Removing Service Account from CanUpdateSecret_NotSupportedClientTypes…
7bdfefc 
…_DoesNotSuceed because it is a supported client type now :)
@cd-bitwarden
Merge branch 'master' into SM-716
5947c5a
Thomas-Avery
Thomas-Avery approved these changes Jun 28, 2023
View reviewed changes
Copy link
Contributor

@Thomas-Avery Thomas-Avery left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, thank you!

@Thomas-Avery Thomas-Avery mentioned this pull request Jun 28, 2023
Merged
@cd-bitwarden cd-bitwarden enabled auto-merge (squash) June 30, 2023 17:17
@cd-bitwarden cd-bitwarden merged commit 3f3f523 into master Jun 30, 2023
39 of 40 checks passed
@cd-bitwarden cd-bitwarden deleted the SM-716 branch June 30, 2023 17:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Thomas-Avery Thomas-Avery Thomas-Avery approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@cd-bitwarden @Thomas-Avery