From 0348cd60367ea7956afe2636c8e298c6e1916748 Mon Sep 17 00:00:00 2001
From: Haim Kortovich
Date: Wed, 24 Jul 2024 14:14:18 -0500
Subject: [PATCH] Add IAM_OWNER if its firstOrg admin [ZITADOPER-5]
---
 src/internal/controller/organization_controller.go | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/src/internal/controller/organization_controller.go b/src/internal/controller/organization_controller.go
index 6b6634f..3f05328 100644
--- a/src/internal/controller/organization_controller.go
+++ b/src/internal/controller/organization_controller.go
@@ -159,6 +159,12 @@ func (wr *wrappedOrganizationReconciler) reconcileInitialAdmin(ctx context.Conte
 }
 }
 ctx = middleware.SetOrgID(ctx, wr.organization.Status.OrgId)
+ roles := []string{
+ "ORG_OWNER",
+ }
+ if wr.organization.Name == zitadelCluster.Spec.FirstOrgName {
+ roles = append(roles, "IAM_OWNER")
+ }
 var userid string
 if adminUser == nil {
 resp, err := ztdClient.AddHumanUser(ctx, &pb.AddHumanUserRequest{
@@ -179,9 +185,7 @@ func (wr *wrappedOrganizationReconciler) reconcileInitialAdmin(ctx context.Conte
 {
 if _, err := ztdClient.AddOrgMember(ctx, &pb.AddOrgMemberRequest{
 UserId: userid,
- Roles: []string{
- "ORG_OWNER",
- },
+ Roles: roles,
 }); err != nil {
 if !strings.Contains(err.Error(), "Errors.Org.Member.RolesNotChanged") {
 return fmt.Errorf("Error adding org member: %v", err)
@@ -195,9 +199,7 @@ func (wr *wrappedOrganizationReconciler) reconcileInitialAdmin(ctx context.Conte
 {
 if _, err := ztdClient.UpdateOrgMember(ctx, &pb.UpdateOrgMemberRequest{
 UserId: userid,
- Roles: []string{
- "ORG_OWNER",
- },
+ Roles: roles,
 }); err != nil {
 if !strings.Contains(err.Error(), "Errors.Org.Member.RolesNotChanged") {
 return fmt.Errorf("Error updating org member: %v", err)
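Review bot: The instance-wide IAM_OWNER grant in the new `if` is keyed only on `wr.organization.Name == zitadelCluster.Spec.FirstOrgName`, so any Organization object whose name happens to equal FirstOrgName gets its initial admin that role; if Organization resources can live in more than one namespace, or the name can be re-used after the original first org is gone, the name comparison alone does not identify the first org, and tying the check to a stable identifier (the recorded org id rather than the name) would be safer. Separately, in Zitadel IAM_OWNER is an instance-member role granted through the admin API's instance-member call, while this `roles` slice is passed to `AddOrgMember` and `UpdateOrgMember` in the two following hunks; unless this client accepts instance roles on org members (I cannot tell from here), those calls will be rejected, and since only the `Errors.Org.Member.RolesNotChanged` error is tolerated the reconcile would fail rather than grant the role. The elevation deserves a comment either way, e.g. `// The configured first org's admin is also made IAM_OWNER (instance-wide); keep this gated on FirstOrgName only.` above the `if`. reconcileInitialAdmin starts before this hunk and continues after it.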