
Commit 192e037

Update ARI renewal info tests
1 parent 3545d81 commit 192e037


3 files changed

+83
-58
lines changed


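--- a/src/Certify.Models/Hub/AccessControlConfig.cs
+++ b/src/Certify.Models/Hub/AccessControlConfig.cs
@@ -10,13 +10,13 @@ namespace Certify.Models.Hub
 public class StandardRoles
 {
 internal static Role BackupOperator { get; } = new Role("backup_operator_role", "Backup Operator", "Can perform import and export operations",
-policies: new List<string> {
+policies: [
 StandardPolicies.ManagedInstanceSystemExport,
 StandardPolicies.ManagedInstanceSystemImport
-});
+]);
 
 public static Role Administrator { get; } = new Role("sysadmin_role", "Administrator", "Certify Server Administrator",
-policies: new List<string> {
+policies: [
 StandardPolicies.ManagementHubAdmin,
 StandardPolicies.ManagedItemAdmin,
 StandardPolicies.CertificateAuthorityAdmin,
@@ -30,22 +30,22 @@ public class StandardRoles
 StandardPolicies.ManagedInstanceSystemExport,
 StandardPolicies.ManagedInstanceSystemImport,
 StandardPolicies.SystemUser
-});
+]);
 
 public static Role CertificateManager { get; } = new Role("cert_manager_role", "Certificate Manager", "Can manage and administer all certificates",
-policies: new List<string> {
+policies: [
 StandardPolicies.ManagementHubReader,
 StandardPolicies.ManagedItemAdmin,
 StandardPolicies.StoredCredentialAdmin
-});
+]);
 
-public static Role CertificateConsumer { get; } = new Role("cert_consumer_role", "Certificate Consumer", "User of a given certificate", policies: new List<string> { StandardPolicies.CertificateConsumer });
+public static Role CertificateConsumer { get; } = new Role("cert_consumer_role", "Certificate Consumer", "User of a given certificate", policies: [StandardPolicies.CertificateConsumer]);
 
-public static Role StoredCredentialConsumer { get; } = new Role("storedcredential_consumer_role", "Stored Credential Fetch Consumer", "Can fetch a decrypted stored credential", policies: new List<string> { StandardPolicies.StoredCredentialConsumer });
+public static Role StoredCredentialConsumer { get; } = new Role("storedcredential_consumer_role", "Stored Credential Fetch Consumer", "Can fetch a decrypted stored credential", policies: [StandardPolicies.StoredCredentialConsumer]);
 
-public static Role ManagedChallengeConsumer { get; } = new Role("managedchallenge_consumer_role", "Managed Challenge Consumer", "Can perform specific managed challenges", policies: new List<string> { StandardPolicies.ManagedChallengeConsumer });
+public static Role ManagedChallengeConsumer { get; } = new Role("managedchallenge_consumer_role", "Managed Challenge Consumer", "Can perform specific managed challenges", policies: [StandardPolicies.ManagedChallengeConsumer]);
 
-public static Role ManagedInstance { get; } = new Role("managedinstance_role", "Hub Managed Instance", "Can join the hub and be managed via the hub.", policies: new List<string> { StandardPolicies.ManagedInstance });
+public static Role ManagedInstance { get; } = new Role("managedinstance_role", "Hub Managed Instance", "Can join the hub and be managed via the hub.", policies: [StandardPolicies.ManagedInstance]);
 }
 
 public class StandardIdentityProviders
@@ -88,6 +88,7 @@ public class ResourceTypes
 public static string Target { get; } = "target";
 public static string ChallengeProvider { get; } = "challengeprovider";
 public static string DeploymentTask { get; } = "deploymenttask";
+public static string Tag { get; } = "tag";
 }
 
 public static class StandardResourceActions
@@ -173,6 +174,11 @@ public static class StandardResourceActions
 public const string DeploymentTaskExecute = "deploymenttask_execute_action";
 public const string DeploymentTaskListProviders = "deploymenttask_list_providers_action";
 
+public const string TagAdd = "managementhub_tag_add_action";
+public const string TagDelete = "managementhub_tag_delete_action";
+public const string TagUpdate = "managementhub_tag_update_action";
+public const string TagList = "managementhub_tag_list_action";
+
 }
 
 public class StandardPolicies
@@ -193,28 +199,29 @@ public class StandardPolicies
 public const string ManagedInstanceSystemImport = "system_import_policy";
 public const string ManagedInstanceSystemExport = "system_export_policy";
 public const string SystemUser = "system_user_policy";
+public const string TagAdmin = "tag_admin_policy";
 
 }
 
 public static class Policies
 {
 public static List<Role> GetStandardRoles()
 {
-return new List<Role>
-{
+return
+[
 StandardRoles.Administrator,
 StandardRoles.CertificateManager,
 StandardRoles.CertificateConsumer,
 StandardRoles.StoredCredentialConsumer,
 StandardRoles.ManagedChallengeConsumer,
 StandardRoles.ManagedInstance,
 StandardRoles.BackupOperator
-};
+];
 }
 
 public static List<ResourceAction> GetStandardResourceActions()
 {
-return new List<ResourceAction> {
+return [
 
 new(StandardResourceActions.CertificateDownload, "Certificate Download", ResourceTypes.Certificate),
 new(StandardResourceActions.CertificateKeyDownload, "Certificate Private Key Download", ResourceTypes.Certificate),
@@ -298,19 +305,24 @@ public static List<ResourceAction> GetStandardResourceActions()
 new(StandardResourceActions.ChallengeProviderDnsZonesList, "List challenge provider DNS zones", ResourceTypes.ChallengeProvider),
 
 new(StandardResourceActions.DeploymentTaskExecute, "Execute deployment task", ResourceTypes.DeploymentTask),
-new(StandardResourceActions.DeploymentTaskListProviders, "List deployment task providers", ResourceTypes.DeploymentTask)
+new(StandardResourceActions.DeploymentTaskListProviders, "List deployment task providers", ResourceTypes.DeploymentTask),
+
+new(StandardResourceActions.TagList, "List item tags", ResourceTypes.Tag),
+new(StandardResourceActions.TagAdd, "Add item tags", ResourceTypes.Tag),
+new(StandardResourceActions.TagUpdate, "Update item tags", ResourceTypes.Tag),
+new(StandardResourceActions.TagDelete, "Delete item tags", ResourceTypes.Tag)
 
-};
+];
 }
 
 public static List<ResourcePolicy> GetStandardPolicies()
 {
-return new List<ResourcePolicy> {
+return [
 new() {
 Id = StandardPolicies.ManagedItemAdmin,
 Title = "Managed Item Administration",
 SecurityPermissionType = SecurityPermissionType.ALLOW,
-ResourceActions = new List<string> {
+ResourceActions = [
 StandardResourceActions.ManagedItemList,
 StandardResourceActions.ManagedItemAdd,
 StandardResourceActions.ManagedItemUpdate,
@@ -330,113 +342,113 @@ public static List<ResourcePolicy> GetStandardPolicies()
 StandardResourceActions.ChallengeProviderDnsZonesList,
 StandardResourceActions.DeploymentTaskExecute,
 StandardResourceActions.DeploymentTaskListProviders
-}
+]
 },
 new() {
 Id = StandardPolicies.AccessAdmin,
 Title = "Access Control Administration",
 SecurityPermissionType = SecurityPermissionType.ALLOW,
-ResourceActions = new List<string> {
+ResourceActions = [
 StandardResourceActions.SecurityPrincipleList,
 StandardResourceActions.SecurityPrincipleAdd,
 StandardResourceActions.SecurityPrincipleUpdate,
 StandardResourceActions.SecurityPrincipleDelete,
 StandardResourceActions.SecurityPrinciplePasswordUpdate,
 StandardResourceActions.SecurityPrincipleUpdateAssignedRoles
 
-}
+]
 },
 new() {
 Id = StandardPolicies.AccessTokenAdmin,
 Title = "Access Token Administration",
 SecurityPermissionType = SecurityPermissionType.ALLOW,
-ResourceActions = new List<string> {
+ResourceActions = [
 StandardResourceActions.AccessTokenList,
 StandardResourceActions.AccessTokenAdd,
 StandardResourceActions.AccessTokenDelete,
 StandardResourceActions.AccessTokenUpdate,
-}
+]
 },
 new() {
 Id = StandardPolicies.CertificateConsumer,
 Title = "Consume Certificates",
 SecurityPermissionType = SecurityPermissionType.ALLOW,
-ResourceActions = new List<string> {
+ResourceActions = [
 StandardResourceActions.CertificateDownload,
 StandardResourceActions.CertificateKeyDownload
-}
+]
 },
 new() {
 Id = StandardPolicies.CertificateAuthorityAdmin,
 Title = "Certificate Authority Administration",
 SecurityPermissionType = SecurityPermissionType.ALLOW,
-ResourceActions = new List<string> {
+ResourceActions = [
 StandardResourceActions.CertificateAuthorityAdd,
 StandardResourceActions.CertificateAuthorityUpdate,
 StandardResourceActions.CertificateAuthorityDelete,
 StandardResourceActions.CertificateAuthorityList
-}
+]
 },
 new() {
 Id = StandardPolicies.AcmeAccountAdmin,
 Title = "ACME Account Administration",
 SecurityPermissionType = SecurityPermissionType.ALLOW,
-ResourceActions = new List<string> {
+ResourceActions = [
 StandardResourceActions.AcmeAccountList,
 StandardResourceActions.AcmeAccountAdd,
 StandardResourceActions.AcmeAccountUpdate,
 StandardResourceActions.AcmeAccountDelete
-}
+]
 },
 new() {
 Id = StandardPolicies.StoredCredentialAdmin,
 Title = "Stored Credential Administration",
 SecurityPermissionType = SecurityPermissionType.ALLOW,
-ResourceActions = new List<string> {
+ResourceActions = [
 StandardResourceActions.StoredCredentialList,
 StandardResourceActions.StoredCredentialAdd,
 StandardResourceActions.StoredCredentialUpdate,
 StandardResourceActions.StoredCredentialDelete
-}
+]
 },
 new() {
 Id = StandardPolicies.StoredCredentialConsumer,
 Title = "Stored Credential Consumer",
 Description = "Provides access to fetch a decrypted stored credential.",
 SecurityPermissionType = SecurityPermissionType.ALLOW,
 IsResourceSpecific = true,
-ResourceActions = new List<string> {
+ResourceActions = [
 StandardResourceActions.StoredCredentialDownload
-}
+]
 },
 new() {
 Id = StandardPolicies.ManagedChallengeAdmin,
 Title = "Managed Challenge Administration",
 SecurityPermissionType = SecurityPermissionType.ALLOW,
-ResourceActions = new List<string> {
+ResourceActions = [
 StandardResourceActions.ManagedChallengeList,
 StandardResourceActions.ManagedChallengeUpdate,
 StandardResourceActions.ManagedChallengeDelete
-}
+]
 },
 new() {
 Id = StandardPolicies.ManagedChallengeConsumer,
 Title = "Managed Challenge Consumer",
 Description = "Allows consumer to request that a managed challenge be performed.",
 SecurityPermissionType = SecurityPermissionType.ALLOW,
 IsResourceSpecific = true,
-ResourceActions = new List<string> {
+ResourceActions = [
 StandardResourceActions.ManagedChallengeRequest,
 StandardResourceActions.ManagedChallengeCleanup
-}
+]
 },
 new() {
 Id = StandardPolicies.ManagementHubAdmin,
 Title = "Management Hub Admin",
 Description = "Administer management hub.",
 SecurityPermissionType = SecurityPermissionType.ALLOW,
 IsResourceSpecific = true,
-ResourceActions = new List<string> {
+ResourceActions = [
 StandardResourceActions.ManagementHubInstancesList,
 StandardResourceActions.ManagementHubInstanceAdd,
 StandardResourceActions.ManagementHubInstanceUpdate,
@@ -447,61 +459,72 @@ public static List<ResourcePolicy> GetStandardPolicies()
 StandardResourceActions.SystemServiceConfigList,
 StandardResourceActions.SystemServiceConfigUpdate,
 
-}
+]
 },
 new() {
 Id = StandardPolicies.ManagementHubReader,
 Title = "Management Hub Reader",
 Description = "View management hub.",
 SecurityPermissionType = SecurityPermissionType.ALLOW,
 IsResourceSpecific = true,
-ResourceActions = new List<string> {
+ResourceActions = [
 StandardResourceActions.ManagementHubInstancesList
-}
+]
 },
 new() {
 Id = StandardPolicies.ManagedInstance,
 Title = "Management Hub Managed Instance",
 Description = "Join management hub and allow to be managed by hub.",
 SecurityPermissionType = SecurityPermissionType.ALLOW,
 IsResourceSpecific = true,
-ResourceActions = new List<string> {
+ResourceActions = [
 StandardResourceActions.ManagementHubInstanceJoin
-}
+]
 },
 new() {
 Id = StandardPolicies.ManagedInstanceSystemImport,
 Title = "Instance Configuration Import",
 Description = "Import system configuration and apply to a target instance",
 SecurityPermissionType = SecurityPermissionType.ALLOW,
 IsResourceSpecific = true,
-ResourceActions = new List<string> {
+ResourceActions = [
 StandardResourceActions.ManagementHubInstanceImport
-}
+]
 },
 new() {
 Id = StandardPolicies.ManagedInstanceSystemExport,
 Title = "Instance Configuration Export",
 Description = "Export system configuration for a target instance",
 SecurityPermissionType = SecurityPermissionType.ALLOW,
 IsResourceSpecific = true,
-ResourceActions = new List<string> {
+ResourceActions = [
 StandardResourceActions.ManagementHubInstanceExport
-}
+]
 },
-new() {
+new() {
 Id = StandardPolicies.SystemUser,
 Title = "System User",
 Description = "Perform general system use actions",
 SecurityPermissionType = SecurityPermissionType.ALLOW,
 IsResourceSpecific = true,
-ResourceActions = new List<string> {
+ResourceActions = [
 StandardResourceActions.SecurityPrincipleCheckAccess,
 StandardResourceActions.SecurityPrinciplePasswordValidate,
 StandardResourceActions.RoleList,
-}
-}
-};
+]
+},
+new() {
+Id = StandardPolicies.TagAdmin,
+Title = "Tag Administration",
+SecurityPermissionType = SecurityPermissionType.ALLOW,
+ResourceActions = [
+StandardResourceActions.TagList,
+StandardResourceActions.TagAdd,
+StandardResourceActions.TagUpdate,
+StandardResourceActions.TagDelete
+]
+},
+];
 }
 }
 
@@ -632,19 +655,19 @@ public static async Task ConfigureStandardUsersAndRoles(IAccessControl access, I
 Id = Guid.NewGuid().ToString(),
 SecurityPrincipleId = managedInstanceSpId,
 Title = "Managed Instance Hub Joining Key",
-AccessTokens = new List<AccessToken> {
+AccessTokens = [
 new AccessToken {
 ClientId = managedInstanceSpId,
 Description = "System Generated",
 Secret = Guid.NewGuid().ToString().ToLowerInvariant(),
 TokenType = AccessTokenTypes.Simple,
 DateCreated = DateTime.UtcNow
 }
-},
-ScopedAssignedRoles = new List<string> {
+],
+ScopedAssignedRoles = [
 // scope assigned role is the id for AssignedRole (not the role id itself)
 assignedRoles.First(a=>a.RoleId==StandardRoles.ManagedInstance.Id).Id
-},
+],
 };
 
 await access.AddAssignedAccessToken(adminSpId, assignedApiAccessToken);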
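Review bot: The new `tag_admin_policy` (constant at new line 202, policy entry at new lines 516–526) is registered in GetStandardPolicies but, as far as this diff shows, is not added to any policy list in StandardRoles — the Administrator role's list at lines 18–33 is only converted to a collection expression, and since TagAdmin is introduced by this commit it cannot already sit in the unchanged lines 23–29. Unless roles are wired up elsewhere, no built-in principal holds the `managementhub_tag_*_action` actions, so tag list/add/update/delete would be denied even for `sysadmin_role`. Because the actions are described as "item tags", consider either adding `StandardPolicies.TagAdmin,` to the Administrator policy list, or folding `StandardResourceActions.TagList`/`TagAdd`/`TagUpdate`/`TagDelete` into the ManagedItemAdmin policy so `cert_manager_role` can tag the items it already administers — granting only the subset each role needs. Note also that the commit title ("Update ARI renewal info tests") does not describe this access-control change, which makes the new permission surface easy to miss in history.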
