feat: added kmip to project roles section

backend/src/ee/services/permission/project-permission.ts

@@ -419,6 +419,12 @@ const GeneralPermissionSchema = [
     action: CASL_ACTION_SCHEMA_NATIVE_ENUM(ProjectPermissionSecretSyncActions).describe(
       "Describe what action an entity can take."
     )
+  }),
+  z.object({
+    subject: z.literal(ProjectPermissionSub.Kmip).describe("The entity this permission pertains to."),
+    action: CASL_ACTION_SCHEMA_NATIVE_ENUM(ProjectPermissionKmipActions).describe(
+      "Describe what action an entity can take."
+    )
   })
 ];
 

frontend/src/pages/project/RoleDetailsBySlugPage/components/ProjectRoleModifySection.utils.tsx

@@ -8,6 +8,7 @@ import {
 import {
   PermissionConditionOperators,
   ProjectPermissionDynamicSecretActions,
+  ProjectPermissionKmipActions,
   ProjectPermissionSecretSyncActions,
   TPermissionCondition,
   TPermissionConditionOperators
@@ -48,6 +49,13 @@ const SecretSyncPolicyActionSchema = z.object({
   [ProjectPermissionSecretSyncActions.RemoveSecrets]: z.boolean().optional()
 });
 
+const KmipPolicyActionSchema = z.object({
+  [ProjectPermissionKmipActions.ReadClients]: z.boolean().optional(),
+  [ProjectPermissionKmipActions.CreateClients]: z.boolean().optional(),
+  [ProjectPermissionKmipActions.UpdateClients]: z.boolean().optional(),
+  [ProjectPermissionKmipActions.DeleteClients]: z.boolean().optional()
+});
+
 const SecretRollbackPolicyActionSchema = z.object({
   read: z.boolean().optional(),
   create: z.boolean().optional()
@@ -162,7 +170,8 @@ export const projectRoleFormSchema = z.object({
       [ProjectPermissionSub.SecretRotation]: GeneralPolicyActionSchema.array().default([]),
       [ProjectPermissionSub.Kms]: GeneralPolicyActionSchema.array().default([]),
       [ProjectPermissionSub.Cmek]: CmekPolicyActionSchema.array().default([]),
-      [ProjectPermissionSub.SecretSyncs]: SecretSyncPolicyActionSchema.array().default([])
+      [ProjectPermissionSub.SecretSyncs]: SecretSyncPolicyActionSchema.array().default([]),
+      [ProjectPermissionSub.Kmip]: KmipPolicyActionSchema.array().default([])
     })
     .partial()
     .optional()
@@ -359,6 +368,23 @@ export const rolePermission2Form = (permissions: TProjectPermission[] = []) => {
       return;
     }
 
+    if (subject === ProjectPermissionSub.Kmip) {
+      const canReadClients = action.includes(ProjectPermissionKmipActions.ReadClients);
+      const canEditClients = action.includes(ProjectPermissionKmipActions.UpdateClients);
+      const canDeleteClients = action.includes(ProjectPermissionKmipActions.DeleteClients);
+      const canCreateClients = action.includes(ProjectPermissionKmipActions.CreateClients);
+
+      if (!formVal[subject]) formVal[subject] = [{}];
+
+      // from above statement we are sure it won't be undefined
+      if (canReadClients) formVal[subject]![0][ProjectPermissionKmipActions.ReadClients] = true;
+      if (canEditClients) formVal[subject]![0][ProjectPermissionKmipActions.UpdateClients] = true;
+      if (canCreateClients) formVal[subject]![0][ProjectPermissionKmipActions.CreateClients] = true;
+      if (canDeleteClients) formVal[subject]![0][ProjectPermissionKmipActions.DeleteClients] = true;
+
+      return;
+    }
+
     if (subject === ProjectPermissionSub.SecretSyncs) {
       const canRead = action.includes(ProjectPermissionSecretSyncActions.Read);
       const canEdit = action.includes(ProjectPermissionSecretSyncActions.Edit);
@@ -738,5 +764,26 @@ export const PROJECT_PERMISSION_OBJECT: TProjectPermissionObject = {
         value: ProjectPermissionSecretSyncActions.RemoveSecrets
       }
     ]
+  },
+  [ProjectPermissionSub.Kmip]: {
+    title: "KMIP",
+    actions: [
+      {
+        label: "Read clients",
+        value: ProjectPermissionKmipActions.ReadClients
+      },
+      {
+        label: "Create clients",
+        value: ProjectPermissionKmipActions.CreateClients
+      },
+      {
+        label: "Modify clients",
+        value: ProjectPermissionKmipActions.UpdateClients
+      },
+      {
+        label: "Delete clients",
+        value: ProjectPermissionKmipActions.DeleteClients
+      }
+    ]
   }
 };