Add reviewer role

gravitational · Dec 13, 2024 · 4347058 · 4347058
1 parent 16b5f33
commit 4347058
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 1 deletion.
diff --git a/lib/services/presets.go b/lib/services/presets.go
@@ -775,6 +775,7 @@ func defaultAllowAccessReviewConditions(enterprise bool) map[string]*types.Acces
 				Roles: []string{
 					teleport.PresetAccessRoleName,
 					teleport.PresetGroupAccessRoleName,
+					teleport.SystemIdentityCenterAccessRoleName,
 				},
 			},
 		}
@@ -946,6 +947,7 @@ func applyAccessRequestConditionDefaults(role types.Role, enterprise bool) bool
 		target = *defaults
 		changed = true
 	} else {
+		target.Roles = mergeStrings(target.Roles, defaults.Roles, &changed)
 		target.SearchAsRoles = mergeStrings(target.SearchAsRoles, defaults.SearchAsRoles, &changed)
 	}
 
@@ -968,6 +970,7 @@ func applyAccessReviewConditionDefaults(role types.Role, enterprise bool) bool {
 		target = *defaults
 		changed = true
 	} else {
+		target.Roles = mergeStrings(target.Roles, defaults.Roles, &changed)
 		target.PreviewAsRoles = mergeStrings(target.PreviewAsRoles, defaults.PreviewAsRoles, &changed)
 	}
 

diff --git a/lib/services/presets_test.go b/lib/services/presets_test.go
@@ -368,7 +368,12 @@ func TestAddRoleDefaults(t *testing.T) {
 				Spec: types.RoleSpecV6{
 					Allow: types.RoleConditions{
 						ReviewRequests: &types.AccessReviewConditions{
-							Roles: []string{"some-role"},
+							Roles: []string{
+								teleport.PresetAccessRoleName,
+								teleport.SystemIdentityCenterAccessRoleName,
+								teleport.PresetGroupAccessRoleName,
+								"some-role",
+							},
 							PreviewAsRoles: []string{
 								teleport.PresetAccessRoleName,
 								teleport.SystemIdentityCenterAccessRoleName,