cloud_terrastodon_azure 0.34.0

Helpers for interacting with Azure for the Cloud Terrastodon project
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53

use crate::prelude::MicrosoftGraphHelper;
use cloud_terrastodon_azure_types::prelude::GovernanceRoleAssignment;
use cloud_terrastodon_azure_types::prelude::PrincipalId;
use cloud_terrastodon_command::CacheKey;
use std::path::PathBuf;

/// See also: https://github.com/Azure/azure-cli/issues/28854
pub async fn fetch_governance_role_assignments_for_principal(
    principal_id: impl Into<PrincipalId>,
) -> eyre::Result<Vec<GovernanceRoleAssignment>> {
    let principal_id: PrincipalId = principal_id.into();
    let url = format!(
        "https://graph.microsoft.com/beta/privilegedAccess/aadroles/roleAssignments?$expand=linkedEligibleRoleAssignment,subject,roleDefinition($expand=resource)&$filter=(subject/id eq '{}')",
        principal_id
    );
    MicrosoftGraphHelper::new(
        url,
        Some(CacheKey::new(PathBuf::from_iter([
            "ms".to_string(),
            "graph".to_string(),
            "GET".to_string(),
            "governance_role_assignments".to_string(),
            principal_id.to_string(),
        ]))),
    )
    .fetch_all()
    .await
}

#[cfg(test)]
mod test {
    use crate::auth::fetch_current_user;
    use crate::prelude::fetch_governance_role_assignments_for_principal;
    use crate::prelude::test_helpers::expect_aad_premium_p2_license;

    #[tokio::test]
    pub async fn it_works() -> eyre::Result<()> {
        let me = fetch_current_user().await?.id;
        let Some(governance_role_assignments) = expect_aad_premium_p2_license(
            fetch_governance_role_assignments_for_principal(&me).await,
        )
        .await?
        else {
            return Ok(());
        };

        for role in governance_role_assignments {
            println!("Role assignment: {role:#?}");
        }

        Ok(())
    }
}