Implement additional tests for ApiMethods and Resource Action definitions

Author: webprofusion-chrisc

src/Certify.Models/Hub/AccessControlConfig.cs

@@ -9,6 +9,12 @@ namespace Certify.Models.Hub
 {
     public class StandardRoles
     {
+        internal static Role BackupOperator { get; } = new Role("backup_operator_role", "Backup Operator", "Can perform import and export operations",
+            policies: new List<string> {
+                StandardPolicies.ManagedInstanceSystemExport,
+                StandardPolicies.ManagedInstanceSystemImport
+            });
+
         public static Role Administrator { get; } = new Role("sysadmin_role", "Administrator", "Certify Server Administrator",
             policies: new List<string> {
                      StandardPolicies.ManagementHubAdmin,
@@ -18,9 +24,11 @@ public class StandardRoles
                      StandardPolicies.StoredCredentialAdmin,
                      StandardPolicies.ManagedChallengeAdmin,
                      StandardPolicies.AccessAdmin,
+                     StandardPolicies.AccessTokenAdmin,
                      StandardPolicies.CertificateConsumer,
-                     StandardPolicies.AccessAdmin,
-                     StandardPolicies.ManagedChallengeAdmin
+                     StandardPolicies.ManagedChallengeAdmin,
+                     StandardPolicies.ManagedInstanceSystemExport,
+                     StandardPolicies.ManagedInstanceSystemImport
                     });
 
         public static Role CertificateManager { get; } = new Role("cert_manager_role", "Certificate Manager", "Can manage and administer all certificates",
@@ -66,6 +74,7 @@ public class ResourceTypes
     {
         public static string System { get; } = "system";
         public static string SecurityPrinciple { get; } = "securityprinciple";
+        public static string Role { get; } = "role";
         public static string AccessToken { get; } = "accesstoken";
         public static string Domain { get; } = "domain";
         public static string ManagedItem { get; } = "manageditem";
@@ -122,6 +131,8 @@ public static class StandardResourceActions
         public const string SecurityPrinciplePasswordValidate = "securityprinciple_password_validate_action";
         public const string SecurityPrincipleCheckAccess = "securityprinciple_access_check_action";
 
+        public const string RoleList = "role_list_action";
+
         public const string ManagedChallengeList = "managedchallenge_list_action";
         public const string ManagedChallengeUpdate = "managedchallenge_update_action";
         public const string ManagedChallengeDelete = "managedchallenge_update_action";
@@ -134,14 +145,16 @@ public static class StandardResourceActions
         public const string ManagementHubInstanceAdd = "managementhub_instance_add_action";
         public const string ManagementHubInstanceUpdate = "managementhub_instance_update_action";
 
+        public const string ManagementHubInstanceExport = "managementhub_instance_export_action";
+        public const string ManagementHubInstanceImport = "managementhub_instance_import_action";
+
         public const string AccessTokenList = "accesstoken_list_action";
         public const string AccessTokenAdd = "accesstoken_add_action";
         public const string AccessTokenUpdate = "accesstoken_update_action";
         public const string AccessTokenDelete = "accesstoken_delete_action";
 
         public const string SystemGeneralAction = "system_general_action";
-        public const string SystemExport = "system_export_action";
-        public const string SystemImport = "system_import_action";
+
         public const string SystemStatusList = "system_status_list_action";
         public const string SystemServiceConfigList = "system_serviceconfig_list_action";
         public const string SystemCoreSettingsList = "system_coresettings_list_action";
@@ -157,13 +170,14 @@ public static class StandardResourceActions
         public const string ChallengeProviderDnsZonesList = "challengeprovider_dnszones_list_action";
 
         public const string DeploymentTaskExecute = "deploymenttask_execute_action";
+        public const string DeploymentTaskListProviders = "deploymenttask_list_providers_action";
 
-        public const string CertificateDelete = "certificate_delete_action";
     }
 
     public class StandardPolicies
     {
         public const string AccessAdmin = "access_admin_policy";
+        public const string AccessTokenAdmin = "accesstoken_admin_policy";
         public const string ManagedItemAdmin = "manageditem_admin_policy";
         public const string CertificateConsumer = "certificate_consumer_policy";
         public const string CertificateAuthorityAdmin = "ca_admin_policy";
@@ -175,6 +189,8 @@ public class StandardPolicies
         public const string ManagementHubAdmin = "managementhub_admin_policy";
         public const string ManagementHubReader = "managementhub_reader_policy";
         public const string ManagedInstance = "managementhub_managedinstance_policy";
+        public const string ManagedInstanceSystemImport = "system_import_policy";
+        public const string ManagedInstanceSystemExport = "system_export_policy";
     }
 
     public static class Policies
@@ -188,7 +204,8 @@ public static List<Role> GetStandardRoles()
                 StandardRoles.CertificateConsumer,
                 StandardRoles.StoredCredentialConsumer,
                 StandardRoles.ManagedChallengeConsumer,
-                StandardRoles.ManagedInstance
+                StandardRoles.ManagedInstance,
+                StandardRoles.BackupOperator
             };
         }
 
@@ -218,8 +235,18 @@ public static List<ResourceAction> GetStandardResourceActions()
                 new(StandardResourceActions.SecurityPrincipleList, "List Security Principles", ResourceTypes.SecurityPrinciple),
                 new(StandardResourceActions.SecurityPrincipleAdd, "Add New Security Principle", ResourceTypes.SecurityPrinciple),
                 new(StandardResourceActions.SecurityPrincipleUpdate,"Update Security Principles", ResourceTypes.SecurityPrinciple),
+                new(StandardResourceActions.SecurityPrincipleUpdateAssignedRoles,"Update Security Principle Assigned Roles", ResourceTypes.SecurityPrinciple),
                 new(StandardResourceActions.SecurityPrinciplePasswordUpdate, "Update Security Principle Passwords", ResourceTypes.SecurityPrinciple),
                 new(StandardResourceActions.SecurityPrincipleDelete, "Delete Security Principle", ResourceTypes.SecurityPrinciple),
+                new(StandardResourceActions.SecurityPrincipleCheckAccess, "Check Security Principle Access", ResourceTypes.SecurityPrinciple),
+                new(StandardResourceActions.SecurityPrinciplePasswordValidate, "Validate Security Principle Passwords", ResourceTypes.SecurityPrinciple),
+
+                new(StandardResourceActions.AccessTokenAdd, "Add Access Token", ResourceTypes.AccessToken),
+                new(StandardResourceActions.AccessTokenDelete, "Delete Access Token", ResourceTypes.AccessToken),
+                new(StandardResourceActions.AccessTokenList, "List Access Tokens", ResourceTypes.AccessToken),
+                new(StandardResourceActions.AccessTokenUpdate, "Update Access Token", ResourceTypes.AccessToken),
+
+                new(StandardResourceActions.RoleList, "List Roles", ResourceTypes.Role),
 
                 new(StandardResourceActions.ManagedItemRequest, "Request New Managed Items", ResourceTypes.ManagedItem),
 
@@ -247,9 +274,12 @@ public static List<ResourceAction> GetStandardResourceActions()
                 new(StandardResourceActions.ManagementHubInstancesList, "List managed instances", ResourceTypes.ManagedInstance),
                 new(StandardResourceActions.ManagementHubInstanceJoin, "Join management hub as a managed instance", ResourceTypes.ManagedInstance),
                 new(StandardResourceActions.ManagementHubInstanceDelete, "Delete managed instance from the hub", ResourceTypes.ManagedInstance),
+                new(StandardResourceActions.ManagementHubInstanceAdd, "Add managed instance details to the hub", ResourceTypes.ManagedInstance),
+                new(StandardResourceActions.ManagementHubInstanceUpdate, "Update managed instance detail in the hub", ResourceTypes.ManagedInstance),
+
+                new(StandardResourceActions.ManagementHubInstanceExport, "Export system configuration", ResourceTypes.ManagedInstance),
+                new(StandardResourceActions.ManagementHubInstanceImport, "Import system configuration", ResourceTypes.ManagedInstance),
 
-                new(StandardResourceActions.SystemExport, "Export system configuration", ResourceTypes.System),
-                new(StandardResourceActions.SystemImport, "Import system configuration", ResourceTypes.System),
                 new(StandardResourceActions.SystemStatusList, "List system status", ResourceTypes.System),
                 new(StandardResourceActions.SystemServiceConfigList, "List system service configuration", ResourceTypes.System),
                 new(StandardResourceActions.SystemCoreSettingsList, "List system core settings", ResourceTypes.System),
@@ -264,7 +294,8 @@ public static List<ResourceAction> GetStandardResourceActions()
                 new(StandardResourceActions.ChallengeProviderList, "List challenge providers", ResourceTypes.ChallengeProvider),
                 new(StandardResourceActions.ChallengeProviderDnsZonesList, "List challenge provider DNS zones", ResourceTypes.ChallengeProvider),
 
-                new(StandardResourceActions.DeploymentTaskExecute, "Execute deployment task", ResourceTypes.DeploymentTask)
+                new(StandardResourceActions.DeploymentTaskExecute, "Execute deployment task", ResourceTypes.DeploymentTask),
+                new(StandardResourceActions.DeploymentTaskListProviders, "List deployment task providers", ResourceTypes.DeploymentTask)
 
             };
         }
@@ -302,6 +333,17 @@ public static List<ResourcePolicy> GetStandardPolicies()
                         StandardResourceActions.SecurityPrinciplePasswordUpdate
                     }
                 },
+                new() {
+                     Id = StandardPolicies.AccessTokenAdmin,
+                     Title = "Access Token Administration",
+                     SecurityPermissionType = SecurityPermissionType.ALLOW,
+                     ResourceActions = new List<string> {
+                         StandardResourceActions.AccessTokenList,
+                         StandardResourceActions.AccessTokenAdd,
+                         StandardResourceActions.AccessTokenDelete,
+                         StandardResourceActions.AccessTokenUpdate,
+                     }
+                 },
                 new() {
                     Id = StandardPolicies.CertificateConsumer,
                     Title = "Consume Certificates",
@@ -396,15 +438,35 @@ public static List<ResourcePolicy> GetStandardPolicies()
                     }
                 },
                 new() {
-                    Id = StandardPolicies.ManagedInstance,
-                    Title = "Management Hub Managed Instance",
-                    Description = "Join management hub and alow to be managed by hub.",
-                    SecurityPermissionType = SecurityPermissionType.ALLOW,
-                    IsResourceSpecific = true,
-                    ResourceActions = new List<string> {
-                        StandardResourceActions.ManagementHubInstanceJoin
-                    }
-                }
+                     Id = StandardPolicies.ManagedInstance,
+                     Title = "Management Hub Managed Instance",
+                     Description = "Join management hub and allow to be managed by hub.",
+                     SecurityPermissionType = SecurityPermissionType.ALLOW,
+                     IsResourceSpecific = true,
+                     ResourceActions = new List<string> {
+                         StandardResourceActions.ManagementHubInstanceJoin
+                     }
+                 },
+                  new() {
+                 Id = StandardPolicies.ManagedInstanceSystemImport,
+                 Title = "Instance Configuration Import",
+                 Description = "Import system configuration and apply to a target instance",
+                 SecurityPermissionType = SecurityPermissionType.ALLOW,
+                 IsResourceSpecific = true,
+                 ResourceActions = new List<string> {
+                     StandardResourceActions.ManagementHubInstanceImport
+                 }
+             },
+              new() {
+                 Id = StandardPolicies.ManagedInstanceSystemExport,
+                 Title = "Instance Configuration Export",
+                 Description = "Export system configuration for a target instance",
+                 SecurityPermissionType = SecurityPermissionType.ALLOW,
+                 IsResourceSpecific = true,
+                 ResourceActions = new List<string> {
+                     StandardResourceActions.ManagementHubInstanceExport
+                 }
+              }
             };
         }
     }

src/Certify.SourceGenerators/ApiMethods.cs

@@ -111,7 +111,7 @@ public static List<GeneratedAPI> GetApiDefinitions()
                     PublicAPIRoute = "roles",
                     ServiceAPIRoute = "access/roles",
                     ReturnType = $"ICollection<{nameof(Role)}>",
-                    RequiredPermissions = [new(ResourceTypes.System, StandardResourceActions.SystemGeneralAction)]
+                    RequiredPermissions = [new(ResourceTypes.Role, StandardResourceActions.RoleList)]
                 },
                 new()
                 {
@@ -358,29 +358,29 @@ public static List<GeneratedAPI> GetApiDefinitions()
                     ReturnType = actionResultTypeName,
                     Params = new Dictionary<string, string>
                     {
-                        { "request", "Certify.Models.Hub.ManagedChallengeRequest" }
+                        { "request", GetFormattedTypeName(typeof(Certify.Models.Hub.ManagedChallengeRequest)) }
                     },
                     RequiredPermissions = [new(ResourceTypes.ManagedChallenge, StandardResourceActions.ManagedChallengeCleanup)]
                 },
                 new()
                 {
                     OperationName = "PerformExport",
                     OperationMethod = HttpPost,
-                    Comment = "Perform an export of all settings",
+                    Comment = "Perform an export of all settings for an instance",
                     ServiceAPIRoute = "system/migration/export",
-                    ReturnType = "Models.Config.Migration.ImportExportPackage",
-                    Params = new Dictionary<string, string> { { "exportRequest", "Certify.Models.Config.Migration.ExportRequest" } },
-                    RequiredPermissions = [new(ResourceTypes.System, StandardResourceActions.SystemExport)]
+                    ReturnType = GetFormattedTypeName(typeof(Models.Config.Migration.ImportExportPackage)),
+                    Params = new Dictionary<string, string> { { "exportRequest", GetFormattedTypeName(typeof(Certify.Models.Config.Migration.ExportRequest)) } },
+                    RequiredPermissions = [new(ResourceTypes.ManagedInstance, StandardResourceActions.ManagementHubInstanceExport)]
                 },
                 new()
                 {
                     OperationName = "PerformImport",
                     OperationMethod = HttpPost,
-                    Comment = "Perform an import of all settings",
+                    Comment = "Perform an import of all settings for an instance",
                     ServiceAPIRoute = "system/migration/import",
                     ReturnType = "ICollection<ActionStep>",
-                    Params = new Dictionary<string, string> { { "importRequest", "Certify.Models.Config.Migration.ImportRequest" } },
-                    RequiredPermissions = [new(ResourceTypes.System, StandardResourceActions.SystemImport)]
+                    Params = new Dictionary<string, string> { { "importRequest", GetFormattedTypeName(typeof(Certify.Models.Config.Migration.ImportRequest)) } },
+                    RequiredPermissions = [new(ResourceTypes.ManagedInstance, StandardResourceActions.ManagementHubInstanceImport)]
                 },
                 /* per instance API, via management hub */
                 new()
@@ -503,7 +503,8 @@ public static List<GeneratedAPI> GetApiDefinitions()
                     Params = new Dictionary<string, string>
                     {
                         { "instanceId", "string" }
-                    }
+                    },
+                    RequiredPermissions = [new(ResourceTypes.DeploymentTask, StandardResourceActions.DeploymentTaskListProviders)]
                 },
                 new()
                  {
@@ -641,9 +642,9 @@ public static List<GeneratedAPI> GetApiDefinitions()
                     UseManagementAPI = true,
                     PublicAPIController = "System",
                     PublicAPIRoute = "{instanceId}/system/migration/export",
-                    ReturnType = "Models.Config.Migration.ImportExportPackage",
-                    Params = new Dictionary<string, string> { { "instanceId", "string" }, { "exportRequest", "Certify.Models.Config.Migration.ExportRequest" } },
-                    RequiredPermissions = [new(ResourceTypes.System, StandardResourceActions.SystemExport)]
+                    ReturnType =  GetFormattedTypeName(typeof(Models.Config.Migration.ImportExportPackage)),
+                    Params = new Dictionary<string, string> { { "instanceId", "string" }, { "exportRequest",  GetFormattedTypeName(typeof(Certify.Models.Config.Migration.ExportRequest)) } },
+                    RequiredPermissions = [new(ResourceTypes.ManagedInstance, StandardResourceActions.ManagementHubInstanceExport)]
                 },
                 new()
                 {
@@ -654,8 +655,8 @@ public static List<GeneratedAPI> GetApiDefinitions()
                     PublicAPIController = "System",
                     PublicAPIRoute = "{instanceId}/system/migration/import",
                     ReturnType = "ICollection<ActionStep>",
-                    Params = new Dictionary<string, string> { { "instanceId", "string" }, { "importRequest", "Certify.Models.Config.Migration.ImportRequest" } },
-                    RequiredPermissions = [new(ResourceTypes.System, StandardResourceActions.SystemImport)]
+                    Params = new Dictionary<string, string> { { "instanceId", "string" }, { "importRequest",  GetFormattedTypeName(typeof(Certify.Models.Config.Migration.ImportRequest)) } },
+                    RequiredPermissions = [new(ResourceTypes.ManagedInstance, StandardResourceActions.ManagementHubInstanceImport)]
                 },
                 new()
                 {

src/Certify.Tests/Certify.Core.Tests.Unit/Certify.Core.Tests.Unit.csproj

@@ -76,6 +76,7 @@
 
         <ProjectReference Include="..\..\Certify.Providers\ACME\Anvil\Certify.Providers.ACME.Anvil.csproj" />
         <ProjectReference Include="..\..\Certify.Shared\Certify.Shared.Core.csproj" />
+        <ProjectReference Include="..\..\Certify.SourceGenerators\Certify.SourceGenerators.csproj" />
 
     </ItemGroup>
     <ItemGroup>