From b2b7eaaa52d6fe064597d5d5c72410cf5ba27c6c Mon Sep 17 00:00:00 2001
From: Derek Horton
Date: Wed, 24 Jan 2024 17:03:27 -0600
Subject: [PATCH] Add support for service accounts - RHCLOUD-30358

---
 internal/api/middleware/identityType.go | 5 ++++-
 internal/api/middleware/identityType_test.go | 1 +
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/internal/api/middleware/identityType.go b/internal/api/middleware/identityType.go
index a5652b8d..c1ce4aa1 100644
--- a/internal/api/middleware/identityType.go
+++ b/internal/api/middleware/identityType.go
@@ -9,6 +9,7 @@ import (
 )

 const userType = "user"
+const serviceAccountType = "serviceaccount"

 func EnforceIdentityType(next http.Handler) http.Handler {
 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@@ -20,7 +21,9 @@ func EnforceIdentityType(next http.Handler) http.Handler {
 return
 }

- if principalType := strings.ToLower(identity.Identity.Type); principalType != userType {
+ principalType := strings.ToLower(identity.Identity.Type)
+
+ if principalType != userType && principalType != serviceAccountType {
 http.Error(w, fmt.Sprintf("unauthorized principal type: %s", principalType), 403)
 return
 }
diff --git a/internal/api/middleware/identityType_test.go b/internal/api/middleware/identityType_test.go
index 1feca428..de5936d8 100644
--- a/internal/api/middleware/identityType_test.go
+++ b/internal/api/middleware/identityType_test.go
@@ -35,6 +35,7 @@ var _ = Describe("Identity type middleware", func() {
 },

 Entry("User", "User", 200, ""),
+ Entry("ServiceAccount", "ServiceAccount", 200, ""),
 Entry("System", "System", 403, "unauthorized principal type: system\n"),
 Entry("Random", "salad", 403, "unauthorized principal type: salad\n"),
 )
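Review bot: The new `serviceAccountType` constant in the first hunk of identityType.go carries no comment saying it must stay lower-case, yet the check in the second hunk compares it against `strings.ToLower(identity.Identity.Type)`, so re-casing the constant would silently reject every service account. I would add `// serviceAccountType is matched against the lower-cased identity type; keep it lower-case.` above it. Grouping it with `userType` in one `const ( … )` block would also let the accepted principal types read as a single allow-list.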
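Review bot: The widened condition `principalType != userType && principalType != serviceAccountType` in the second hunk of identityType.go admits service-account principals to every handler wrapped by EnforceIdentityType, and nothing visible here shows whether those handlers depend on user-only identity fields for their own authorization or tenancy checks. The handlers are outside the diff, so this is something to confirm rather than a demonstrated defect: downstream code that keys access on a user attribute should handle a service account explicitly or reject it. A comment on the check such as `// Allow-list: only user and service-account principals may proceed; everything else gets 403.` would record the intent, and the literal `403` on the `http.Error` line reads better as `http.StatusForbidden`. The function body starts before and continues past this hunk.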
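Review bot: The added `Entry("ServiceAccount", "ServiceAccount", 200, "")` in identityType_test.go exercises a single spelling, so the case-insensitive match the middleware relies on for the new type is not pinned by any test. An extra entry such as `Entry("ServiceAccount lower-case", "serviceaccount", 200, ""),` would catch a regression if the `strings.ToLower` call were dropped or the constant re-cased. The table this entry belongs to starts above the hunk.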