cloud_terrastodon_azure 0.34.0

Helpers for interacting with Azure for the Cloud Terrastodon project
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38

use crate::management_groups::fetch_root_management_group;
use cloud_terrastodon_azure_types::prelude::GovernanceRoleAssignment;
use cloud_terrastodon_azure_types::prelude::PrincipalId;
use cloud_terrastodon_azure_types::prelude::RoleAssignmentRequest;
use cloud_terrastodon_command::CacheKey;
use cloud_terrastodon_command::CommandBuilder;
use cloud_terrastodon_command::CommandKind;
use eyre::Result;
use std::path::PathBuf;
use std::time::Duration;

pub async fn activate_pim_entra_role(
    principal_id: impl Into<PrincipalId>,
    role_assignment: &GovernanceRoleAssignment,
    justification: String,
    duration: Duration,
) -> Result<()> {
    let tenant_id = fetch_root_management_group().await?.tenant_id;
    let url = "https://graph.microsoft.com/beta/privilegedAccess/aadroles/roleAssignmentRequests";
    let mut cmd = CommandBuilder::new(CommandKind::AzureCLI);
    cmd.args(["rest", "--method", "POST", "--url", url, "--body"]);
    cmd.azure_file_arg(
        "body.json",
        serde_json::to_string_pretty(&RoleAssignmentRequest::new_self_activation(
            principal_id.into(),
            tenant_id,
            role_assignment,
            justification,
            duration,
        ))?,
    );
    cmd.cache(CacheKey {
        path: PathBuf::from_iter(["az", "rest", "POST", "roleAssignmentScheduleRequests"]),
        valid_for: Duration::ZERO,
    });
    cmd.run_raw().await?;
    Ok(())
}