backport of commit 6b2d5718b2 (#5902)

Co-authored-by: Sorawis Nilparuk <sorawis.nilparuk@hashicorp.com>
10 months ago · 48a36a3dbc
parent 8a4c84ded3
commit 48a36a3dbc
2 changed files with 12 additions and 2 deletions
--- a/internal/daemon/controller/handlers/host_catalogs/grants_test.go
+++ b/internal/daemon/controller/handlers/host_catalogs/grants_test.go
@ -516,7 +516,17 @@ func TestGrants_ReadActions(t *testing.T) {
 		user, account := iam.TestUserManagedGroupGrantsFunc(t, conn, kmsCache, globals.GlobalPrefix, ldap.TestAuthMethodWithAccountInManagedGroup, []iam.TestRoleGrantsRequest{
 			{
 				RoleScopeId: globals.GlobalPrefix,
-				Grants:      []string{"ids=*;type=*;actions=*"},
+				Grants:      []string{"ids=*;type=host-catalog;actions=*"},
+				GrantScopes: []string{globals.GrantScopeThis, globals.GrantScopeDescendants},
+			},
+			{
+				RoleScopeId: globals.GlobalPrefix,
+				Grants:      []string{"ids=*;type=host;actions=*"},
+				GrantScopes: []string{globals.GrantScopeThis, globals.GrantScopeDescendants},
+			},
+			{
+				RoleScopeId: globals.GlobalPrefix,
+				Grants:      []string{"ids=*;type=host-set;actions=*"},
 				GrantScopes: []string{globals.GrantScopeThis, globals.GrantScopeDescendants},
 			},
 		})()
--- a/internal/daemon/controller/handlers/host_catalogs/host_catalog_service.go
+++ b/internal/daemon/controller/handlers/host_catalogs/host_catalog_service.go
@ -701,7 +701,7 @@ func (s Service) authResult(ctx context.Context, id string, a action.Type, isRec
 	res := auth.VerifyResults{}

 	var parentId string
-	opts := []auth.Option{auth.WithAction(a), auth.WithRecursive(isRecursive)}
+	opts := []auth.Option{auth.WithAction(a), auth.WithRecursive(isRecursive), auth.WithFetchAdditionalResourceGrants(additionalResourceGrants...)}
 	switch a {
 	case action.List, action.Create:
 		parentId = id