
Commit 0138136

committed
repo: add CreateDefaultRole and CreateAdminRole options
1 parent 5a3532b commit 0138136


2 files changed

+44
-4
lines changed


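--- a/internal/daemon/controller/handlers/scopes/scope_service.go
+++ b/internal/daemon/controller/handlers/scopes/scope_service.go
@@ -42,6 +42,7 @@ import (
 "github.com/hashicorp/boundary/internal/types/scope"
 "github.com/hashicorp/boundary/internal/util"
 pb "github.com/hashicorp/boundary/sdk/pbs/controller/api/resources/scopes"
+"github.com/hashicorp/boundary/version"
 wrappingKms "github.com/hashicorp/go-kms-wrapping/extras/kms/v2"
 "google.golang.org/grpc/codes"
 "google.golang.org/grpc/status"
@@ -670,8 +671,27 @@ func (s *Service) createInRepo(ctx context.Context, authResults auth.VerifyResul
 if item.GetDescription() != nil {
 opts = append(opts, iam.WithDescription(item.GetDescription().GetValue()))
 }
-opts = append(opts, iam.WithSkipAdminRoleCreation(req.GetSkipAdminRoleCreation()))
-opts = append(opts, iam.WithSkipDefaultRoleCreation(req.GetSkipDefaultRoleCreation()))
+if version.SupportsFeature(version.Binary, version.CreateDefaultAndAdminRoles) &&
+version.SupportsFeature(version.Binary, version.SkipDefaultAndAdminRoleCreation) {
+if req.GetCreateDefaultRole() && req.GetSkipDefaultRoleCreation() {
+return nil, handlers.InvalidArgumentErrorf("Cannot set both create_default_role and skip_default_role_creation to true.", map[string]string{"create_default_role": "Cannot set both create_default_role and skip_default_role_creation to true."})
+}
+if req.GetCreateAdminRole() && req.GetSkipAdminRoleCreation() {
+return nil, handlers.InvalidArgumentErrorf("Cannot set both create_admin_role and skip_admin_role_creation to true.", map[string]string{"create_admin_role": "Cannot set both create_admin_role and skip_admin_role_creation to true."})
+}
+}
+// If the version supports creating default and admin roles, we check the flag for creating the initial login role.
+if version.SupportsFeature(version.Binary, version.CreateDefaultAndAdminRoles) {
+opts = append(opts, iam.WithCreateDefaultRole(req.GetCreateDefaultRole()))
+opts = append(opts, iam.WithCreateAdminRole(req.GetCreateAdminRole()))
+}
+
+// TODO: Deprecated in 0.22
+// If the version supports skipping default and admin role creation, we check the skip flag.
+if version.SupportsFeature(version.Binary, version.SkipDefaultAndAdminRoleCreation) {
+opts = append(opts, iam.WithSkipDefaultRoleCreation(req.GetSkipDefaultRoleCreation()))
+opts = append(opts, iam.WithSkipAdminRoleCreation(req.GetSkipAdminRoleCreation()))
+}
 
 parentScope := authResults.Scope
 var iamScope *iam.Scope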
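Review bot: When either `version.SupportsFeature` gate is false, the matching request fields are dropped without an error, because both the `opts = append(...)` calls and the conflict checks sit inside the gates; a caller that sets `skip_admin_role_creation` or `create_admin_role` on a build without that feature gets a scope created with whatever the repository defaults to. These flags decide whether an admin role and a default role are created on the new scope, so a set-but-unsupported flag is better rejected than ignored, e.g. guard with `if !version.SupportsFeature(version.Binary, version.SkipDefaultAndAdminRoleCreation) && (req.GetSkipAdminRoleCreation() || req.GetSkipDefaultRoleCreation())` and return `handlers.InvalidArgumentErrorf` as the conflict checks do, with the same guard for the create flags. The comment at new line 683 mentions only "the initial login role" while the block passes both the default and the admin role option; `// Pass create_default_role and create_admin_role through when the version supports them.` would match the code. How the repository resolves create=false together with skip=false is not visible in this section and deserves a sentence next to these options. createInRepo starts and ends outside the hunk.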

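--- a/internal/iam/options.go
+++ b/internal/iam/options.go
@@ -34,8 +34,10 @@ type options struct {
 withGrantScopeIds []string
 withSkipVetForWrite bool
 withDisassociate bool
-withSkipAdminRoleCreation bool
-withSkipDefaultRoleCreation bool
+withSkipAdminRoleCreation bool // Deprecated in 0.22
+withSkipDefaultRoleCreation bool // Deprecated in 0.22
+withCreateDefaultRole bool
+withCreateAdminRole bool
 withUserId string
 withRandomReader io.Reader
 withAccountIds []string
@@ -119,6 +121,7 @@ func WithDisassociate(enable bool) Option {
 }
 }
 
+// TODO: Deprecated in 0.22
 // WithSkipAdminRoleCreation provides an option to disable the automatic
 // creation of an admin role when a new scope is created.
 func WithSkipAdminRoleCreation(enable bool) Option {
@@ -127,6 +130,7 @@ func WithSkipAdminRoleCreation(enable bool) Option {
 }
 }
 
+// TODO: Deprecated in 0.22
 // WithSkipDefaultRoleCreation provides an option to disable the automatic
 // creation of a default role when a new scope is created.
 func WithSkipDefaultRoleCreation(enable bool) Option {
@@ -135,6 +139,22 @@ func WithSkipDefaultRoleCreation(enable bool) Option {
 }
 }
 
+// WithCreateAdminRole provides an option to enable the automatic
+// creation of an admin role when a new scope is created.
+func WithCreateAdminRole(enable bool) Option {
+return func(o *options) {
+o.withCreateAdminRole = enable
+}
+}
+
+// WithCreateDefaultRole provides an option to enable the automatic
+// creation of a default role when a new scope is created.
+func WithCreateDefaultRole(enable bool) Option {
+return func(o *options) {
+o.withCreateDefaultRole = enable
+}
+}
+
 // WithUserId provides an option to specify the user ID to use when creating roles with new scopes.
 func WithUserId(id string) Option {
 return func(o *options) {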
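Review bot: The added `// TODO: Deprecated in 0.22` lines sit directly above the doc comments of WithSkipAdminRoleCreation and WithSkipDefaultRoleCreation, so they become the first line of each doc comment, which then no longer starts with the function name and is not recognised as a deprecation notice by Go tooling. Put the marker at the end of each doc comment as its own paragraph, for example `// Deprecated: use WithCreateAdminRole instead.` and `// Deprecated: use WithCreateDefaultRole instead.`, so remaining callers of the old options are flagged. The new WithCreateAdminRole and WithCreateDefaultRole comments could also say what happens when the matching skip option is set as well, since both fields live in the same options struct and the precedence is not visible in this section. The last hunk ends inside WithUserId.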
