diff --git a/lib/auth/autoupdate/v1/service_test.go b/lib/auth/autoupdate/v1/service_test.go index 6710a2c8aae39..fb45cb20c6488 100644 --- a/lib/auth/autoupdate/v1/service_test.go +++ b/lib/auth/autoupdate/v1/service_test.go @@ -82,6 +82,24 @@ func TestServiceAccess(t *testing.T) { allowedStates []authz.AdminActionAuthState disallowedStates []authz.AdminActionAuthState }{ + { + name: "CreateAutoupdateConfig", + allowedStates: []authz.AdminActionAuthState{ + authz.AdminActionAuthNotRequired, + authz.AdminActionAuthMFAVerified, + authz.AdminActionAuthMFAVerifiedWithReuse, + }, + allowedVerbs: []string{types.VerbCreate}, + }, + { + name: "UpdateAutoupdateConfig", + allowedStates: []authz.AdminActionAuthState{ + authz.AdminActionAuthNotRequired, + authz.AdminActionAuthMFAVerified, + authz.AdminActionAuthMFAVerifiedWithReuse, + }, + allowedVerbs: []string{types.VerbUpdate}, + }, { name: "UpsertAutoupdateConfig", allowedStates: []authz.AdminActionAuthState{ @@ -103,6 +121,24 @@ func TestServiceAccess(t *testing.T) { allowedVerbs: []string{types.VerbDelete}, }, // Autoupdate version check. + { + name: "CreateAutoupdateVersion", + allowedStates: []authz.AdminActionAuthState{ + authz.AdminActionAuthNotRequired, + authz.AdminActionAuthMFAVerified, + authz.AdminActionAuthMFAVerifiedWithReuse, + }, + allowedVerbs: []string{types.VerbCreate}, + }, + { + name: "UpdateAutoupdateVersion", + allowedStates: []authz.AdminActionAuthState{ + authz.AdminActionAuthNotRequired, + authz.AdminActionAuthMFAVerified, + authz.AdminActionAuthMFAVerifiedWithReuse, + }, + allowedVerbs: []string{types.VerbUpdate}, + }, { name: "UpsertAutoupdateVersion", allowedStates: []authz.AdminActionAuthState{ diff --git a/lib/services/autoupdates.go b/lib/services/autoupdates.go index a236166dd19eb..e65a4528719ce 100644 --- a/lib/services/autoupdates.go +++ b/lib/services/autoupdates.go @@ -20,6 +20,7 @@ package services import ( "context" + "github.com/gravitational/teleport/api/gen/proto/go/teleport/autoupdate/v1" )