Allow DB impersonation

fheinecke · fheinecke · commit 68b309ae6162 · 2024-12-09T13:17:47.000-06:00
diff --git a/examples/chart/teleport-cluster/templates/auth/config.yaml b/examples/chart/teleport-cluster/templates/auth/config.yaml
@@ -139,6 +139,11 @@ data:
               - read
               - update
               - delete
+        impersonate:
+          users:
+            - Db
+          roles:
+            - Db
       deny: {}
     version: v7
     ---
diff --git a/integrations/operator/controllers/resources/testlib/env.go b/integrations/operator/controllers/resources/testlib/env.go
@@ -144,6 +144,10 @@ func defaultTeleportServiceConfig(t *testing.T) (*helpers.TeleInstance, string)
 				types.NewRule(types.KindNode, unrestricted),
 				types.NewRule(types.KindDatabase, unrestricted),
 			},
+			Impersonate: &types.ImpersonateConditions{
+				Users: []string{"Db"},
+				Roles: []string{"Db"},
+			},
 		},
 	})
 	require.NoError(t, err)
diff --git a/integrations/operator/hack/fixture-operator-role.yaml b/integrations/operator/hack/fixture-operator-role.yaml
@@ -81,5 +81,10 @@ spec:
           - read
           - update
           - delete
+    impersonate:
+      users:
+        - Db
+      roles:
+        - Db
   deny: {}
 version: v7
