bitwarden_sm/secrets/
update.rs

1use bitwarden_api_api::models::SecretUpdateRequestModel;
2use bitwarden_core::{OrganizationId, key_management::SymmetricKeySlotId};
3use bitwarden_crypto::PrimitiveEncryptable;
4use schemars::JsonSchema;
5use serde::{Deserialize, Serialize};
6use uuid::Uuid;
7use validator::Validate;
8
9use crate::{
10    SecretsManagerClient,
11    error::{SecretsManagerError, validate_only_whitespaces},
12    secrets::SecretResponse,
13};
14
15#[allow(missing_docs)]
16#[derive(Serialize, Deserialize, Debug, JsonSchema, Validate)]
17#[serde(rename_all = "camelCase", deny_unknown_fields)]
18pub struct SecretPutRequest {
19    /// ID of the secret to modify
20    pub id: Uuid,
21    /// Organization ID of the secret to modify
22    pub organization_id: Uuid,
23    #[validate(length(min = 1, max = 500), custom(function = validate_only_whitespaces))]
24    pub key: String,
25    #[validate(length(min = 1, max = 25_000))]
26    pub value: String,
27    #[validate(length(max = 7_000), custom(function = validate_only_whitespaces))]
28    pub note: String,
29    pub project_ids: Option<Vec<Uuid>>,
30    pub value_changed: bool,
31}
32
33pub(crate) async fn update_secret(
34    client: &SecretsManagerClient,
35    input: &SecretPutRequest,
36) -> Result<SecretResponse, SecretsManagerError> {
37    let client = client.client();
38    input.validate()?;
39
40    let key_store = client.internal.get_key_store();
41    let key = SymmetricKeySlotId::Organization(OrganizationId::new(input.organization_id));
42
43    let secret = {
44        let mut ctx = key_store.context();
45        Some(SecretUpdateRequestModel {
46            key: input.key.clone().trim().encrypt(&mut ctx, key)?.to_string(),
47            value: input.value.clone().encrypt(&mut ctx, key)?.to_string(),
48            note: input
49                .note
50                .clone()
51                .trim()
52                .encrypt(&mut ctx, key)?
53                .to_string(),
54            project_ids: input.project_ids.clone(),
55            access_policies_requests: None,
56            value_changed: Some(input.value_changed),
57        })
58    };
59
60    let config = client.internal.get_api_configurations();
61    let res = config
62        .api_client
63        .secrets_api()
64        .update_secret(input.id, secret)
65        .await?;
66
67    SecretResponse::process_response(res, &mut key_store.context())
68}
69
70#[cfg(test)]
71mod tests {
72    use super::*;
73
74    async fn update_secret(
75        key: Option<String>,
76        value: Option<String>,
77        note: Option<String>,
78    ) -> Result<SecretResponse, SecretsManagerError> {
79        let input = SecretPutRequest {
80            id: Uuid::new_v4(),
81            organization_id: Uuid::new_v4(),
82            key: key.unwrap_or_else(|| "test key".into()),
83            value: value.unwrap_or_else(|| "test value".into()),
84            note: note.unwrap_or_else(|| "test note".into()),
85            project_ids: Some(vec![Uuid::new_v4()]),
86            value_changed: false,
87        };
88
89        super::update_secret(&SecretsManagerClient::new(None), &input).await
90    }
91
92    #[tokio::test]
93    async fn test_update_secret_request_key_empty_string() {
94        let response = update_secret(Some("".into()), None, None).await;
95        assert!(response.is_err());
96        assert_eq!(response.err().unwrap().to_string(), "key must not be empty");
97    }
98
99    #[tokio::test]
100    async fn test_update_secret_request_key_all_whitespaces_space() {
101        let response = update_secret(Some(" ".into()), None, None).await;
102        assert!(response.is_err());
103        assert_eq!(
104            response.err().unwrap().to_string(),
105            "key must not contain only whitespaces"
106        );
107    }
108
109    #[tokio::test]
110    async fn test_update_secret_request_key_all_whitespaces_tab() {
111        let response = update_secret(Some("\t".into()), None, None).await;
112        assert!(response.is_err());
113        assert_eq!(
114            response.err().unwrap().to_string(),
115            "key must not contain only whitespaces"
116        );
117    }
118
119    #[tokio::test]
120    async fn test_update_secret_request_key_all_whitespaces_newline() {
121        let response = update_secret(Some("\n".into()), None, None).await;
122        assert!(response.is_err());
123        assert_eq!(
124            response.err().unwrap().to_string(),
125            "key must not contain only whitespaces"
126        );
127    }
128
129    #[tokio::test]
130    async fn test_update_secret_request_key_all_whitespaces_combined() {
131        let response = update_secret(Some(" \t\n".into()), None, None).await;
132        assert!(response.is_err());
133        assert_eq!(
134            response.err().unwrap().to_string(),
135            "key must not contain only whitespaces"
136        );
137    }
138
139    #[tokio::test]
140    async fn test_update_secret_request_key_501_character_length() {
141        let response = update_secret(Some("a".repeat(501)), None, None).await;
142        assert!(response.is_err());
143        assert_eq!(
144            response.err().unwrap().to_string(),
145            "key must not exceed 500 characters in length"
146        );
147    }
148
149    #[tokio::test]
150    async fn test_update_secret_request_value_empty_string() {
151        let response = update_secret(None, Some("".into()), None).await;
152        assert!(response.is_err());
153        assert_eq!(
154            response.err().unwrap().to_string(),
155            "value must not be empty"
156        );
157    }
158
159    #[tokio::test]
160    async fn test_update_secret_request_value_25001_character_length() {
161        let response = update_secret(None, Some("a".repeat(25001)), None).await;
162        assert!(response.is_err());
163        assert_eq!(
164            response.err().unwrap().to_string(),
165            "value must not exceed 25000 characters in length"
166        );
167    }
168
169    #[tokio::test]
170    async fn test_update_secret_request_note_all_whitespaces_space() {
171        let response = update_secret(None, None, Some(" ".into())).await;
172        assert!(response.is_err());
173        assert_eq!(
174            response.err().unwrap().to_string(),
175            "note must not contain only whitespaces"
176        );
177    }
178
179    #[tokio::test]
180    async fn test_update_secret_request_note_all_whitespaces_tab() {
181        let response = update_secret(None, None, Some("\t".into())).await;
182        assert!(response.is_err());
183        assert_eq!(
184            response.err().unwrap().to_string(),
185            "note must not contain only whitespaces"
186        );
187    }
188
189    #[tokio::test]
190    async fn test_update_secret_request_note_all_whitespaces_newline() {
191        let response = update_secret(None, None, Some("\n".into())).await;
192        assert!(response.is_err());
193        assert_eq!(
194            response.err().unwrap().to_string(),
195            "note must not contain only whitespaces"
196        );
197    }
198
199    #[tokio::test]
200    async fn test_update_secret_request_note_all_whitespaces_combined() {
201        let response = update_secret(None, None, Some(" \t\n".into())).await;
202        assert!(response.is_err());
203        assert_eq!(
204            response.err().unwrap().to_string(),
205            "note must not contain only whitespaces"
206        );
207    }
208
209    #[tokio::test]
210    async fn test_update_secret_request_note_7001_character_length() {
211        let response = update_secret(None, None, Some("a".repeat(7001))).await;
212        assert!(response.is_err());
213        assert_eq!(
214            response.err().unwrap().to_string(),
215            "note must not exceed 7000 characters in length"
216        );
217    }
218}
bitwarden_sm/secrets/update.rs

bitwarden_sm/secrets/
update.rs
