From f815a6cf6308e9a1a9460a4fdeec04fa68b93732 Mon Sep 17 00:00:00 2001
From: laurenleach <106626058+laurenleach@users.noreply.github.com>
Date: Wed, 13 Nov 2024 12:28:07 -0800
Subject: [PATCH] Grant expand role assignments  (#51)

* grant expand roles

* remove extra line
---
 pkg/connector/custom_role.go | 2 +-
 pkg/connector/role.go        | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/pkg/connector/custom_role.go b/pkg/connector/custom_role.go
index be143977..095b2467 100644
--- a/pkg/connector/custom_role.go
+++ b/pkg/connector/custom_role.go
@@ -77,7 +77,7 @@ func (o *customRoleResourceType) Entitlements(
 		sdkEntitlement.WithAnnotation(&v2.V1Identifier{
 			Id: V1MembershipEntitlementID(role.Type),
 		}),
-		sdkEntitlement.WithGrantableTo(resourceTypeUser),
+		sdkEntitlement.WithGrantableTo(resourceTypeUser, resourceTypeGroup),
 	)
 	rv = append(rv, en)
 
diff --git a/pkg/connector/role.go b/pkg/connector/role.go
index b11cda08..e036ec77 100644
--- a/pkg/connector/role.go
+++ b/pkg/connector/role.go
@@ -491,6 +491,10 @@ func roleGroupGrant(groupID string, resource *v2.Resource) *v2.Grant {
 		sdkGrant.WithAnnotation(&v2.V1Identifier{
 			Id: fmtGrantIdV1(V1MembershipEntitlementID(resource.Id.Resource), groupID),
 		}),
+		sdkGrant.WithAnnotation(&v2.GrantExpandable{
+			EntitlementIds: []string{fmt.Sprintf("group:%s:member", groupID)},
+			Shallow:        true,
+		}),
 	)
 }