From 43470589988e184daeb7c617af92e92cb13383cb Mon Sep 17 00:00:00 2001 From: Trent Clarke Date: Fri, 13 Dec 2024 14:44:57 +1100 Subject: [PATCH] Add reviewer role --- lib/services/presets.go | 3 +++ lib/services/presets_test.go | 7 ++++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/lib/services/presets.go b/lib/services/presets.go index 1019dbd943274..f2557d1ea01e0 100644 --- a/lib/services/presets.go +++ b/lib/services/presets.go @@ -775,6 +775,7 @@ func defaultAllowAccessReviewConditions(enterprise bool) map[string]*types.Acces Roles: []string{ teleport.PresetAccessRoleName, teleport.PresetGroupAccessRoleName, + teleport.SystemIdentityCenterAccessRoleName, }, }, } @@ -946,6 +947,7 @@ func applyAccessRequestConditionDefaults(role types.Role, enterprise bool) bool target = *defaults changed = true } else { + target.Roles = mergeStrings(target.Roles, defaults.Roles, &changed) target.SearchAsRoles = mergeStrings(target.SearchAsRoles, defaults.SearchAsRoles, &changed) } @@ -968,6 +970,7 @@ func applyAccessReviewConditionDefaults(role types.Role, enterprise bool) bool { target = *defaults changed = true } else { + target.Roles = mergeStrings(target.Roles, defaults.Roles, &changed) target.PreviewAsRoles = mergeStrings(target.PreviewAsRoles, defaults.PreviewAsRoles, &changed) } diff --git a/lib/services/presets_test.go b/lib/services/presets_test.go index 3b25c1c5f5103..3e4f12c5d4084 100644 --- a/lib/services/presets_test.go +++ b/lib/services/presets_test.go @@ -368,7 +368,12 @@ func TestAddRoleDefaults(t *testing.T) { Spec: types.RoleSpecV6{ Allow: types.RoleConditions{ ReviewRequests: &types.AccessReviewConditions{ - Roles: []string{"some-role"}, + Roles: []string{ + teleport.PresetAccessRoleName, + teleport.SystemIdentityCenterAccessRoleName, + teleport.PresetGroupAccessRoleName, + "some-role", + }, PreviewAsRoles: []string{ teleport.PresetAccessRoleName, teleport.SystemIdentityCenterAccessRoleName,