[PM-40526] Access Leasing: domain#8001
Conversation
🤖 Bitwarden Claude Code ReviewOverall Assessment: APPROVE Reviewed the pure-domain slice extracting the PAM access-request/lease flow into Code Review Details
|
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## pam/access-rule-engine #8001 +/- ##
==========================================================
+ Coverage 62.20% 66.68% +4.47%
==========================================================
Files 2308 2313 +5
Lines 100343 100411 +68
Branches 9068 9068
==========================================================
+ Hits 62422 66959 +4537
+ Misses 35740 31172 -4568
- Partials 2181 2280 +99 ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
d15334c to
b7eebb4
Compare
fcbbb6d to
504efaf
Compare
Extract the pure domain for the PAM access-request/lease flow into Pam.Domain, alongside the existing AccessRule domain: the AccessRequest and AccessDecision and AccessLease entities, their status/kind/verdict/outcome enums, the request projection models (AccessRequestDetails, AccessRequestDecision), and the IAccessRequestRepository and IAccessLeaseRepository contracts. Requests and leases ship as one feature because their persistence is coupled (AccessRequest.ExtensionOfLeaseId FKs AccessLease; the request reads project lease status). No audit surface is included (deferred, as on the rule slice).
Add XML doc comments to the AccessRequest/AccessLease/AccessDecision entities, their status/verdict/kind enum members, and the denormalized identity fields on the AccessRequestDetails read model. Documents the non-obvious semantics (nullability, lifecycle, granted vs requested window) while leaving plain ids and straight projections bare.
Use <inheritdoc cref> on the six read-model fields that project AccessRequest verbatim, so their documentation tracks the entity instead of duplicating it.
504efaf to
f4a2254
Compare
b7eebb4 to
3c540d8
Compare
|
|
||
| /// <summary> | ||
| /// The kind of access condition that produced an automatic <see cref="Entities.AccessDecision"/>. Mirrors the | ||
| /// <c>kind</c> discriminator on <see cref="Models.Conditions.AccessCondition"/>, which remains the JSON wire format |
There was a problem hiding this comment.
🎨 SUGGESTED: Models.Conditions.AccessCondition does not resolve
Details and fix
No AccessCondition type exists under Bit.Pam.Models.Conditions (or anywhere in the codebase), so this <see cref> will not link. The sibling AccessRule.cs documents the same concept with plain code markup precisely because the type isn't referenceable from this project:
/// <c>kind</c> discriminator on <c>AccessCondition</c>, which remains the JSON wire formatSwitching to <c>AccessCondition</c> keeps the two files consistent and avoids a dangling reference. (Doc-only; no build impact since GenerateDocumentationFile is not set.)
🎟️ Tracking
https://bitwarden.atlassian.net/browse/PM-40526
📔 Objective
Extract the pure domain for the PAM access-request/lease flow into
Pam.Domain, alongside the existingAccessRuledomain:AccessRequest,AccessDecision, andAccessLeaseentities and their status/kind/verdict/outcome enums.AccessRequestDetails,AccessRequestDecision).IAccessRequestRepositoryandIAccessLeaseRepositorycontracts.Requests and leases ship as one feature because their persistence is coupled (
AccessRequest.ExtensionOfLeaseIdFKsAccessLease; the request reads project lease status). No audit surface is included (deferred, as on the rule slice).