[SM-713] Add database support for secret access policies #3681
Codecov Report
Attention:
Additional details and impacted files
@@ Coverage Diff @@
## main #3681 +/- ##
==========================================
+ Coverage 36.36% 36.42% +0.05%
==========================================
Files 1158 1158
Lines 55885 55998 +113
Branches 5376 5376
==========================================
+ Hits 20325 20395 +70
- Misses 34614 34657 +43
Partials 946 946
☔ View full report in Codecov by Sentry.
...rcial.Infrastructure.EntityFramework/SecretsManager/Repositories/ServiceAccountRepository.cs
Overall looks good, thank you for all the work on this! Only one comment.
No New Or Fixed Issues Found
Looks good to me
7b0d816
Quality Gate failed
Failed conditions
Looks good to me
Type of change
Objective
The purpose of this PR is to add database support for individual secret permissions for the Secrets Manager project.
This includes changes to EF Core code to clean up secret access policies on deletion events.
Code changes
bitwarden_license/src/Commercial.Infrastructure.EntityFramework/SecretsManager/Repositories/ServiceAccountRepository.cs:
Move to using a transaction, ExecuteDeleteAsync, and added cleanup for secret access policies.
src/Core/SecretsManager/Entities/AccessPolicy.cs:
Add secret access policy entities.
src/Infrastructure.EntityFramework/AdminConsole/Repositories/OrganizationRepository.cs:
Add secret access policy cleanup.
src/Infrastructure.EntityFramework/AdminConsole/Repositories/OrganizationUserRepository.cs:
Add secret access policy cleanup for single delete.
Bulk delete was broken; swapped to using a transaction, ExecuteDeleteAsync, and cleanup code.
src/Infrastructure.EntityFramework/Repositories/DatabaseContext.cs:
Add new access policy types to database context.
src/Infrastructure.EntityFramework/SecretsManager/Configurations/AccessPolicyEntityTypeConfiguration.cs:
Add new access policy types to database configuration.
src/Infrastructure.EntityFramework/SecretsManager/Discriminators/AccessPolicyDiscriminator.cs:
Add new discriminators for TPH mappings.
src/Infrastructure.EntityFramework/SecretsManager/Models/AccessPolicy.cs:
Add mappings for new entities into EF models.
src/Infrastructure.EntityFramework/SecretsManager/Models/Secret.cs:
Add access policy EF navigation properties.
src/Sql/SecretsManager/dbo/Tables/AccessPolicy.sql:
Add column, FK, and index.
Run the mssql formatter on this file to be more in line with our other SQL files.
util/Migrator/DbScripts/2024-01-10_00_AddSecretAccessPolicies.sql:
Add mssql migration script.
util/MySqlMigrations/Migrations/*:
MySql EF migrations
util/PostgresMigrations/Migrations/*:
Postgres EF migrations
util/SqliteMigrations/Migrations/*:
Sqlite EF migrations
Before you submit
dotnet format --verify-no-changes
) (required)
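
The transaction plus ExecuteDeleteAsync cleanup listed in the code changes above, sketched as an added example that is not part of this PR or the Bitwarden code base. DemoContext, ServiceAccount, AccessPolicy and their properties are hypothetical names, and the sketch assumes EF Core 7+ with the Microsoft.EntityFrameworkCore.Sqlite provider.

```csharp
// Added example, not Bitwarden code. All type and property names are hypothetical.
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Data.Sqlite;
using Microsoft.EntityFrameworkCore;

// Constructed sample data: one service account holding one secret access policy.
using var connection = new SqliteConnection("DataSource=:memory:");
connection.Open();
var options = new DbContextOptionsBuilder<DemoContext>().UseSqlite(connection).Options;
await using var db = new DemoContext(options);
await db.Database.EnsureCreatedAsync();
var accountId = Guid.NewGuid();
db.ServiceAccounts.Add(new ServiceAccount { Id = accountId });
db.AccessPolicies.Add(new AccessPolicy
{
    Id = Guid.NewGuid(), ServiceAccountId = accountId, GrantedSecretId = Guid.NewGuid()
});
await db.SaveChangesAsync();

await DeleteServiceAccountAsync(db, accountId);
Console.WriteLine($"policies left: {await db.AccessPolicies.CountAsync()}");

static async Task DeleteServiceAccountAsync(DemoContext db, Guid id)
{
    // ExecuteDeleteAsync sends its DELETE immediately and bypasses SaveChanges,
    // so the explicit transaction is what makes the two statements atomic.
    await using var tx = await db.Database.BeginTransactionAsync();
    // Remove dependent access policies first so none outlives its account.
    await db.AccessPolicies.Where(ap => ap.ServiceAccountId == id).ExecuteDeleteAsync();
    await db.ServiceAccounts.Where(sa => sa.Id == id).ExecuteDeleteAsync();
    await tx.CommitAsync(); // disposing without a commit rolls both deletes back
}

public class ServiceAccount { public Guid Id { get; set; } }
public class AccessPolicy
{
    public Guid Id { get; set; }
    public Guid? ServiceAccountId { get; set; }
    public Guid? GrantedSecretId { get; set; }
}
public class DemoContext : DbContext
{
    public DemoContext(DbContextOptions<DemoContext> options) : base(options) { }
    public DbSet<ServiceAccount> ServiceAccounts => Set<ServiceAccount>();
    public DbSet<AccessPolicy> AccessPolicies => Set<AccessPolicy>();
}
```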