From c48ef8240c7c1d6c512d2fbeeca8d63205820dba Mon Sep 17 00:00:00 2001
From: Lauren Leach
Date: Wed, 13 Nov 2024 11:42:45 -0800
Subject: [PATCH 1/2] grant expand roles
---
 pkg/connector/custom_role.go | 3 ++-
 pkg/connector/role.go | 4 ++++
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/pkg/connector/custom_role.go b/pkg/connector/custom_role.go
index be143977..6b31b44f 100644
--- a/pkg/connector/custom_role.go
+++ b/pkg/connector/custom_role.go
@@ -77,7 +77,8 @@ func (o *customRoleResourceType) Entitlements(
 sdkEntitlement.WithAnnotation(&v2.V1Identifier{
 Id: V1MembershipEntitlementID(role.Type),
 }),
- sdkEntitlement.WithGrantableTo(resourceTypeUser),
+ sdkEntitlement.WithGrantableTo(resourceTypeUser, resourceTypeGroup),
+
 )
 rv = append(rv, en)
diff --git a/pkg/connector/role.go b/pkg/connector/role.go
index b11cda08..e036ec77 100644
--- a/pkg/connector/role.go
+++ b/pkg/connector/role.go
@@ -491,6 +491,10 @@ func roleGroupGrant(groupID string, resource *v2.Resource) *v2.Grant {
 sdkGrant.WithAnnotation(&v2.V1Identifier{
 Id: fmtGrantIdV1(V1MembershipEntitlementID(resource.Id.Resource), groupID),
 }),
+ sdkGrant.WithAnnotation(&v2.GrantExpandable{
+ EntitlementIds: []string{fmt.Sprintf("group:%s:member", groupID)},
+ Shallow: true,
+ }),
 )
 }
From 725bbd0cc5879684f41ea7b151a8598007975d0c Mon Sep 17 00:00:00 2001
From: Lauren Leach
Date: Wed, 13 Nov 2024 11:44:17 -0800
Subject: [PATCH 2/2] remove extra line
---
 pkg/connector/custom_role.go | 1 -
 1 file changed, 1 deletion(-)
diff --git a/pkg/connector/custom_role.go b/pkg/connector/custom_role.go
index 6b31b44f..095b2467 100644
--- a/pkg/connector/custom_role.go
+++ b/pkg/connector/custom_role.go
@@ -78,7 +78,6 @@ func (o *customRoleResourceType) Entitlements(
 Id: V1MembershipEntitlementID(role.Type),
 }),
 sdkEntitlement.WithGrantableTo(resourceTypeUser, resourceTypeGroup),
-
 )
 rv = append(rv, en)
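Review bot: Adding `resourceTypeGroup` to `WithGrantableTo(...)` in custom_role.go declares the custom-role entitlement assignable to groups, but no custom-role grant or provisioning code is touched in this patch, so it cannot be seen here whether a Grant/Revoke path for this resource type accepts a group principal or still assumes a user ID. If such a path exists, it should check the principal's resource type explicitly and reject anything other than the two listed types, so that a group ID is never passed to the user-assignment call. If the intent is only to describe synced group assignments, say so next to the option, e.g. `// Groups are grantable: role assignments made to a group are synced as expandable grants.` The Entitlements method starts and ends outside the hunk.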
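Review bot: The expansion target in `roleGroupGrant` (role.go) is built by hand with `fmt.Sprintf("group:%s:member", groupID)`, so it has to stay identical to the membership entitlement ID that the group resource type emits. If the two ever drift, expansion would presumably resolve nothing, and users who hold a role only through a group would drop out of the access data without an error. Building the ID from the same helper or constants the group builder uses removes that coupling; at minimum add `// Must match the group "member" entitlement ID; a mismatch drops group-derived role access from sync.` above the annotation. `Shallow: true` looks intended to limit expansion to direct group members and deserves a one-line why-comment as well; the function's opening lines are outside the hunk.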