Added godoc

internal/jimm/service_account.go

@@ -54,6 +54,9 @@ func (j *JIMM) AddServiceAccount(ctx context.Context, u *openfga.User, clientId
 	return nil
 }
 
+// GrantServiceAccountAccess creates an administrator relation between the tags provided
+// and the service account. The provided tags must be users or groups (with the member relation)
+// otherwise OpenFGA will report an error.
 func (j *JIMM) GrantServiceAccountAccess(ctx context.Context, u *openfga.User, svcAccTag jimmnames.ServiceAccountTag, tags []*ofganames.Tag) error {
 	op := errors.Op("jimm.GrantServiceAccountAccess")
 	tuples := make([]openfga.Tuple, 0, len(tags))

internal/jujuapi/service_account.go

@@ -105,6 +105,8 @@ func (r *controllerRoot) ListServiceAccountCredentials(ctx context.Context, req
 	return getIdentityCredentials(ctx, targetUser, r.jimm, req.CloudCredentialArgs)
 }
 
+// GrantServiceAccountAccess is the method handler for granting new users/groups with access
+// to service accounts.
 func (r *controllerRoot) GrantServiceAccountAccess(ctx context.Context, req apiparams.GrantServiceAccountAccess) error {
 	const op = errors.Op("jujuapi.GrantServiceAccountAccess")
 

internal/openfga/user.go

@@ -80,6 +80,7 @@ func (u *User) IsModelWriter(ctx context.Context, resource names.ModelTag) (bool
 	return isWriter, nil
 }
 
+// IsServiceAccountAdmin returns true if the user has administrator relation to the service account.
 func (u *User) IsServiceAccountAdmin(ctx context.Context, clientID jimmnames.ServiceAccountTag) (bool, error) {
 	isAdmin, err := checkRelation(ctx, u, clientID, ofganames.AdministratorRelation)
 	if err != nil {