Add bot resource to user ACL

lib/services/useracl.go

@@ -104,6 +104,8 @@ type UserACL struct {
 	ExternalAuditStorage ResourceAccess `json:"externalAuditStorage"`
 	// AccessGraph defines access to access graph.
 	AccessGraph ResourceAccess `json:"accessGraph"`
+	// Bots defines access to manage Bots.
+	Bots ResourceAccess `json:"bots"`
 }
 
 func hasAccess(roleSet RoleSet, ctx *Context, kind string, verbs ...string) bool {
@@ -180,6 +182,7 @@ func NewUserACL(user types.User, userRoles RoleSet, features proto.Features, des
 	lockAccess := newAccess(userRoles, ctx, types.KindLock)
 	accessListAccess := newAccess(userRoles, ctx, types.KindAccessList)
 	externalAuditStorage := newAccess(userRoles, ctx, types.KindExternalAuditStorage)
+	bots := newAccess(userRoles, ctx, types.KindBot)
 
 	var auditQuery ResourceAccess
 	var securityReports ResourceAccess
@@ -223,5 +226,6 @@ func NewUserACL(user types.User, userRoles RoleSet, features proto.Features, des
 		SecurityReport:          securityReports,
 		ExternalAuditStorage:    externalAuditStorage,
 		AccessGraph:             accessGraphAccess,
+		Bots:                    bots,
 	}
 }

lib/services/useracl_test.go

@@ -95,6 +95,7 @@ func TestNewUserACL(t *testing.T) {
 	require.Empty(t, cmp.Diff(userContext.ConnectionDiagnostic, denied))
 	require.Empty(t, cmp.Diff(userContext.Desktops, allowedRW))
 	require.Empty(t, cmp.Diff(userContext.ExternalAuditStorage, denied))
+	require.Empty(t, cmp.Diff(userContext.Bots, denied))
 
 	require.Empty(t, cmp.Diff(userContext.Billing, denied))
 	require.True(t, userContext.Clipboard)
@@ -152,7 +153,7 @@ func TestNewUserACLCloud(t *testing.T) {
 	require.Empty(t, cmp.Diff(userContext.AccessRequests, allowedRW))
 	require.Empty(t, cmp.Diff(userContext.DiscoveryConfig, allowedRW))
 	require.Empty(t, cmp.Diff(userContext.ExternalAuditStorage, allowedRW))
-
+	require.Empty(t, cmp.Diff(userContext.Bots, allowedRW))
 	require.True(t, userContext.Clipboard)
 	require.True(t, userContext.DesktopSessionRecording)
 

web/packages/teleport/src/mocks/contexts.ts

@@ -72,6 +72,7 @@ export const allAccessAcl: Acl = {
   securityReport: fullAccess,
   externalAuditStorage: fullAccess,
   accessGraph: fullAccess,
+  bots: fullAccess,
 };
 
 export function getAcl(cfg?: { noAccess: boolean }) {

web/packages/teleport/src/services/user/makeAcl.ts

@@ -70,6 +70,8 @@ export function makeAcl(json): Acl {
   const samlIdpServiceProvider = json.samlIdpServiceProvider || defaultAccess;
   const accessGraph = json.accessGraph || defaultAccess;
 
+  const bots = json.bots || defaultAccess;
+
   return {
     accessList,
     authConnectors,
@@ -104,6 +106,7 @@ export function makeAcl(json): Acl {
     securityReport,
     externalAuditStorage,
     accessGraph,
+    bots,
   };
 }
 

web/packages/teleport/src/services/user/types.ts

@@ -88,6 +88,7 @@ export interface Acl {
   securityReport: Access;
   externalAuditStorage: Access;
   accessGraph: Access;
+  bots: Access;
 }
 
 // AllTraits represent all the traits defined for a user.

web/packages/teleport/src/services/user/user.test.ts

@@ -263,6 +263,13 @@ test('undefined values in context response gives proper default values', async (
         create: false,
         remove: false,
       },
+      bots: {
+        list: false,
+        read: false,
+        edit: false,
+        create: false,
+        remove: false,
+      },
       clipboardSharingEnabled: true,
       desktopSessionRecordingEnabled: true,
       directorySharingEnabled: true,