[SM-1150] Add secret sync endpoint #3906

Merged
merged 29 commits into from
Apr 25, 2024
@Thomas-Avery Thomas-Avery commented Mar 15, 2024

Type of change

- [ ] Bug fix
- [X] New feature development
- [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [ ] Other

Objective

The purpose of this PR is to add a new secrets sync endpoint for Secrets Manager.

This also includes repository code updates to update a service account's RevisionDate when an event occurs that would require a new secrets sync for the given service account.

Code changes

  • bitwarden_license/src/Commercial.Core/SecretsManager/Queries/Secrets/SecretsSyncQuery.cs:
    src/Core/SecretsManager/Queries/Secrets/Interfaces/ISecretsSyncQuery.cs:
    A new query that determines whether a secrets sync is needed and, if so, returns all secrets the service account has access to.

  • bitwarden_license/src/Commercial.Core/SecretsManager/SecretsManagerCollectionExtensions.cs:
    Adding the new query into DI.

  • bitwarden_license/src/Commercial.Infrastructure.EntityFramework/SecretsManager/Repositories/AccessPolicyRepository.cs:
    Update affected service account's revision date on creation and deletion of access policies.

  • bitwarden_license/src/Commercial.Infrastructure.EntityFramework/SecretsManager/Repositories/ProjectRepository.cs:
    Update affected service account's revision date on deletion of a project.

  • bitwarden_license/src/Commercial.Infrastructure.EntityFramework/SecretsManager/Repositories/SecretRepository.cs:
    src/Core/SecretsManager/Repositories/ISecretRepository.cs:
    src/Core/SecretsManager/Repositories/Noop/NoopSecretRepository.cs:
    Update affected service account's revision date on secret creation, update, soft delete, restore, and hard delete.
    Rename GetManyByOrganizationIdInTrashAsync, GetManyByProjectIdAsync, and GetManyByOrganizationIdAsync to make it clear they return SecretPermissionDetails, not just secret entities.

  • bitwarden_license/test/Commercial.Core.Test/SecretsManager/Queries/Secrets/SecretsSyncQueryTests.cs:
    Unit tests.

  • src/Api/SecretsManager/Controllers/SecretsController.cs:
    Add new endpoint
    Secret repository renames

  • src/Api/SecretsManager/Controllers/SecretsManagerPortingController.cs:
    Secret repository renames

  • src/Api/SecretsManager/Controllers/SecretsTrashController.cs:
    Secret repository renames

  • src/Api/SecretsManager/Models/Response/SecretsSyncResponseModel.cs:
    Response model for new secrets sync endpoint.

  • src/Core/SecretsManager/Models/Data/SecretsSyncRequest.cs:
    Data model for all the properties required for a SecretsSyncQuery.

  • test/Api.IntegrationTest/SecretsManager/Controllers/SecretsControllerTests.cs:
    Integration tests

  • test/Api.Test/SecretsManager/Controllers/SecretsControllerTests.cs:
    Unit tests

Before you submit

  • Please check for formatting errors (dotnet format --verify-no-changes) (required)
  • If making database changes - make sure you also update Entity Framework queries and/or migrations
  • Please add unit tests where it makes sense to do so (encouraged but not required)
  • If this change requires a documentation update - notify the documentation team
  • If this change has particular deployment requirements - notify the DevOps team
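
A simplified model of the revision-date gate described in this PR, added here as an illustration; it is not code from the PR or from the Bitwarden code base. `SyncModel`, `lastSynced`, `HasChanges` and the in-memory dictionaries are assumptions. It shows why every mutation that changes what a service account can read has to bump its RevisionDate: a path that skips the bump leaves clients holding a deleted or revoked secret.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

public record Secret(Guid Id, string Key);
// Hypothetical in-memory stand-in for the repositories and query named in the PR.
public class SyncModel
{
    private readonly Dictionary<Guid, DateTime> _revisionDates = new(); // service account -> RevisionDate
    private readonly Dictionary<Guid, HashSet<Guid>> _grants = new();   // secret -> accounts with access
    private readonly Dictionary<Guid, Secret> _secrets = new();

    public void AddAccount(Guid accountId, DateTime now) => _revisionDates[accountId] = now;

    // Any change to what an account can read must move its RevisionDate forward.
    private void Bump(IEnumerable<Guid> ids, DateTime now) { foreach (var id in ids) _revisionDates[id] = now; }

    public void Grant(Secret secret, Guid accountId, DateTime now)
    {
        _secrets[secret.Id] = secret;
        if (!_grants.TryGetValue(secret.Id, out var accounts))
            _grants[secret.Id] = accounts = new HashSet<Guid>();
        accounts.Add(accountId);
        Bump(new[] { accountId }, now);
    }

    public void DeleteSecret(Guid secretId, DateTime now)
    {
        // Collect the affected accounts before the rows are gone, then bump them.
        var affected = _grants.TryGetValue(secretId, out var accounts) ? accounts.ToList() : new List<Guid>();
        _secrets.Remove(secretId);
        _grants.Remove(secretId);
        Bump(affected, now);
    }

    // lastSynced is an assumed request property; null means the client has never synced.
    public (bool HasChanges, IReadOnlyList<Secret> Secrets) Sync(Guid accountId, DateTime? lastSynced)
    {
        if (lastSynced.HasValue && _revisionDates[accountId] <= lastSynced.Value)
            return (false, Array.Empty<Secret>()); // nothing newer: skip loading secrets
        return (true, _grants.Where(g => g.Value.Contains(accountId)).Select(g => _secrets[g.Key]).ToList());
    }
}

public static class Program
{
    static void Expect(bool ok, string what) { if (!ok) throw new InvalidOperationException(what); }
    public static void Main()
    {
        var t0 = new DateTime(2024, 1, 1, 0, 0, 0, DateTimeKind.Utc); // constructed sample data
        var model = new SyncModel();
        var account = Guid.NewGuid();
        var secret = new Secret(Guid.NewGuid(), "DB_PASSWORD");
        model.AddAccount(account, t0);
        model.Grant(secret, account, t0.AddMinutes(1));
        Expect(model.Sync(account, null).Secrets.Count == 1, "first sync returns the secret");
        Expect(!model.Sync(account, t0.AddMinutes(2)).HasChanges, "unchanged account: no payload");
        model.DeleteSecret(secret.Id, t0.AddMinutes(3));
        var after = model.Sync(account, t0.AddMinutes(2));
        Expect(after.HasChanges && after.Secrets.Count == 0, "deletion reaches the client");
    }
}
```

Removing the `Bump` call from `DeleteSecret` makes the last check fail, which is the stale-secret case the repository changes in this PR guard against.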

@Thomas-Avery Thomas-Avery self-assigned this Mar 15, 2024

codecov bot commented Mar 15, 2024

Codecov Report

Attention: Patch coverage is 85.71429%, with 36 lines in your changes missing coverage. Please review.

Project coverage is 38.01%. Comparing base (f7aa56b) to head (f4d55be).

| Files | Patch % | Lines |
| --- | --- | --- |
| ...rk/SecretsManager/Repositories/SecretRepository.cs | 85.03% | 14 Missing and 5 partials ⚠️ |
| ...k/SecretsManager/Repositories/ProjectRepository.cs | 56.66% | 11 Missing and 2 partials ⚠️ |
| ...sManager/Repositories/Noop/NoopSecretRepository.cs | 0.00% | 3 Missing ⚠️ |
| ...ger/Controllers/SecretsManagerPortingController.cs | 0.00% | 1 Missing ⚠️ |

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #3906      +/-   ##
==========================================
+ Coverage   37.86%   38.01%   +0.14%     
==========================================
  Files        1192     1195       +3     
  Lines       57988    58134     +146     
  Branches     5549     5567      +18     
==========================================
+ Hits        21960    22102     +142     
+ Misses      34995    34993       -2     
- Partials     1033     1039       +6     


@Thomas-Avery Thomas-Avery changed the base branch from main to sm/sm-893-beeep March 19, 2024 22:08
@Thomas-Avery Thomas-Avery marked this pull request as ready for review March 20, 2024 22:06
@Thomas-Avery Thomas-Avery requested a review from a team as a code owner March 20, 2024 22:06
github-actions bot commented Mar 29, 2024

Checkmarx One – Scan Summary & Details: 5ae5d22c-57ac-4baf-89e7-39e2d058237b

New Issues

| Severity | Issue | Source File / Package | Checkmarx Insight |
| --- | --- | --- | --- |
| MEDIUM | Privacy_Violation | /src/Api/AdminConsole/Controllers/OrganizationsController.cs: 650 | Attack Vector |
| MEDIUM | Privacy_Violation | /src/Api/AdminConsole/Controllers/OrganizationsController.cs: 703 | Attack Vector |
| LOW | Log_Forging | /src/Api/AdminConsole/Controllers/OrganizationsController.cs: 615 | Attack Vector |
| LOW | Log_Forging | /src/Api/AdminConsole/Controllers/OrganizationsController.cs: 678 | Attack Vector |

Fixed Issues


More results are available on AST platform

Base automatically changed from sm/sm-893-beeep to main March 29, 2024 16:00
coltonhurst previously approved these changes Apr 17, 2024

@coltonhurst coltonhurst left a comment

@Thomas-Avery this looks good, thanks for the hard work on this!

Nice uses of ExecuteDeleteAsync and using declarations 😄

@Thomas-Avery Thomas-Avery merged commit a7b992d into main Apr 25, 2024
49 checks passed
@Thomas-Avery Thomas-Avery deleted the sm/sm-1150-secret-sync branch April 25, 2024 15:34
Thomas-Avery added a commit to bitwarden/sdk-sm that referenced this pull request May 15, 2024
## Type of change

<!-- (mark with an `X`) -->

```
- [ ] Bug fix
- [X] New feature development
- [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [ ] Other
```

## Objective

<!--Describe what the purpose of this PR is. For example: what bug
you're fixing or what new feature you're adding-->

Expose the new secrets sync endpoint.

Server PR  bitwarden/server#3906

## Code changes

<!--Explain the changes you've made to each file or major component.
This should help the reviewer understand your changes-->
<!--Also refer to any related changes or PRs in other repositories-->

ran the command `./support/build-api.sh`

## Before you submit

- Please add **unit tests** where it makes sense to do so
Thomas-Avery added a commit to bitwarden/sdk-sm that referenced this pull request May 15, 2024
## Type of change

<!-- (mark with an `X`) -->

```
- [ ] Bug fix
- [X] New feature development
- [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [ ] Other
```

## Objective

<!--Describe what the purpose of this PR is. For example: what bug
you're fixing or what new feature you're adding-->

The purpose of this PR is to expose the ability to perform secrets syncs
via the Secrets Manager SDK.


Requires API bindings in #674

This should not be merged into main prior to:

- The server PR bitwarden/server#3906 being
merged and released
- The API bindings PR #674 being
merged into main


## Code changes

<!--Explain the changes you've made to each file or major component.
This should help the reviewer understand your changes-->
<!--Also refer to any related changes or PRs in other repositories-->


- **crates/bitwarden/src/secrets_manager/client_secrets.rs:**
Add the `sync` method to the client secrets.

- **crates/bitwarden/src/secrets_manager/secrets/mod.rs:**
Expose `sync`, `SecretsSyncRequest`, and `SecretsSyncResponse`

- **crates/bitwarden/src/secrets_manager/secrets/sync.rs:**
Implement `sync`, `SecretsSyncRequest`, and `SecretsSyncResponse`

## Before you submit

- Please add **unit tests** where it makes sense to do so