self-hosted/teleport
self-hosted/teleport
1
0
Fork 0
mirror of https://github.com/gravitational/teleport synced 2024-10-19 08:43:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add device-specific verbs to RoleAdmin (#20505)

Browse source 
Add device-specific verbs to RoleAdmin, which are not included in the default
`RW()` set. Fixes issues while using `tctl devices add --enroll` and
`tctl devices enroll`.

#514
This commit is contained in:
Alan Parra 2023-01-20 19:33:08 -03:00 committed by GitHub
parent 7f5e822c18
commit e8e48a1c55
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
lib/auth/permissions.go
View file

@ -670,6 +670,7 @@ func definitionForBuiltinRole(clusterName string, recConfig types.SessionRecordi
WindowsDesktopLabels: types.Labels{types.Wildcard: []string{types.Wildcard}},
Rules: []types.Rule{
types.NewRule(types.Wildcard, services.RW()),
types.NewRule(types.KindDevice, append(services.RW(), types.VerbCreateEnrollToken, types.VerbEnroll)),
},
},
})

2
lib/services/role.go
View file

@ -707,7 +707,7 @@ func RoleSetFromSpec(name string, spec types.RoleSpecV6) (RoleSet, error) {
return NewRoleSet(role), nil
}
// RW is a shortcut that returns all verbs.
// RW is a shortcut that returns all CRUD verbs.
func RW() []string {
return []string{types.VerbList, types.VerbCreate, types.VerbRead, types.VerbUpdate, types.VerbDelete}
}