self-hosted/teleport
self-hosted/teleport
1
0
Fork 0
mirror of https://github.com/gravitational/teleport synced 2024-10-21 01:34:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add Billing Access to default admin role (#5925)

Browse source 
* Add Billing Access to default admin role
* Update e-ref
This commit is contained in:
Alexey Kontsevoy 2021-03-10 16:01:05 -05:00 committed by GitHub
parent b8931e25c5
commit 8490e99aaf
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 20 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
e

@ -1 +1 @@
Subproject commit 92369f7cf988f83c83f957cdb2930e7b03527476
Subproject commit 3ec91b6ad87acdab25d262097edd12302c7c8b53

30
lib/services/role.go
View file

@ -30,6 +30,7 @@ import (
"github.com/gravitational/teleport/api/types"
"github.com/gravitational/teleport/api/types/wrappers"
"github.com/gravitational/teleport/lib/defaults"
"github.com/gravitational/teleport/lib/modules"
"github.com/gravitational/teleport/lib/tlsca"
"github.com/gravitational/teleport/lib/utils"
"github.com/gravitational/teleport/lib/utils/parse"
@ -42,16 +43,24 @@ import (
"github.com/vulcand/predicate"
)
// ExtendedAdminUserRules provides access to the default set of rules assigned to
// getExtendedAdminUserRules provides access to the default set of rules assigned to
// all users.
var ExtendedAdminUserRules = []Rule{
NewRule(KindRole, RW()),
NewRule(KindAuthConnector, RW()),
NewRule(KindSession, RO()),
NewRule(KindTrustedCluster, RW()),
NewRule(KindEvent, RO()),
NewRule(KindUser, RW()),
NewRule(KindToken, RW()),
func getExtendedAdminUserRules(features modules.Features) []Rule {
rules := []Rule{
NewRule(KindRole, RW()),
NewRule(KindAuthConnector, RW()),
NewRule(KindSession, RO()),
NewRule(KindTrustedCluster, RW()),
NewRule(KindEvent, RO()),
NewRule(KindUser, RW()),
NewRule(KindToken, RW()),
}
if features.Cloud {
rules = append(rules, NewRule(KindBilling, RW()))
}
return rules
}
// DefaultImplicitRules provides access to the default set of implicit rules
@ -95,8 +104,7 @@ func RoleNameForCertAuthority(name string) string {
// NewAdminRole is the default admin role for all local users if another role
// is not explicitly assigned (this role applies to all users in OSS version).
func NewAdminRole() Role {
adminRules := CopyRulesSlice(ExtendedAdminUserRules)
adminRules := getExtendedAdminUserRules(modules.GetModules().Features())
role := &RoleV3{
Kind: KindRole,
Version: V3,