use crate::MicrosoftGraphHelper;
use cloud_terrastodon_azure_types::AzureTenantId;
use cloud_terrastodon_azure_types::GovernanceRoleAssignment;
use cloud_terrastodon_azure_types::PrincipalId;
use cloud_terrastodon_command::CacheKey;
use std::path::PathBuf;
/// Fetches the privileged-access (PIM) AAD role assignments held by one principal.
///
/// Builds a GET against the Graph `beta/privilegedAccess/aadroles/roleAssignments`
/// endpoint with `linkedEligibleRoleAssignment`, `subject` and `roleDefinition`
/// (plus its `resource`) expanded and a `$filter` of `subject/id eq '<principal>'`,
/// then hands the request to [`MicrosoftGraphHelper::fetch_all`]. The request is
/// registered under the cache key
/// `ms/graph/GET/governance_role_assignments/<tenant_id>/<principal_id>`.
///
/// The principal id is written into the OData `$filter` verbatim. That is only
/// injection-safe while `PrincipalId` renders as a bare GUID — NOTE(review):
/// confirm this against the type; if it can carry arbitrary text, a `'` in it
/// would break out of the filter literal and should be rejected or escaped.
///
/// # Errors
/// Propagates whatever error the Graph helper returns.
pub async fn fetch_governance_role_assignments_for_principal(
    tenant_id: AzureTenantId,
    principal_id: impl Into<PrincipalId>,
) -> eyre::Result<Vec<GovernanceRoleAssignment>> {
    let subject: PrincipalId = principal_id.into();

    let request_url = format!(
        "https://graph.microsoft.com/beta/privilegedAccess/aadroles/roleAssignments?$expand=linkedEligibleRoleAssignment,subject,roleDefinition($expand=resource)&$filter=(subject/id eq '{}')",
        subject
    );

    // Cache key: a fixed prefix followed by the two ids that scope this query.
    let cache_path: PathBuf = ["ms", "graph", "GET", "governance_role_assignments"]
        .iter()
        .map(|segment| segment.to_string())
        .chain([tenant_id.to_string(), subject.to_string()])
        .collect();

    let helper = MicrosoftGraphHelper::new(tenant_id, request_url, Some(CacheKey::new(cache_path)));
    helper.fetch_all().await
}
#[cfg(test)]
mod test {
    use crate::auth::fetch_current_user;
    use crate::fetch_governance_role_assignments_for_principal;
    use crate::get_test_tenant_id;
    use crate::test_helpers::expect_aad_premium_p2_license;

    /// Live-tenant check: the signed-in user is expected to hold at least one
    /// governance role assignment. When `expect_aad_premium_p2_license` reports
    /// that the tenant has no P2 license (yields `None`), the test passes
    /// without asserting anything.
    #[tokio::test]
    pub async fn it_works() -> eyre::Result<()> {
        let tenant_id = get_test_tenant_id().await?;
        let current_user_id = fetch_current_user().await?.id;

        let response =
            fetch_governance_role_assignments_for_principal(tenant_id, &current_user_id).await;

        match expect_aad_premium_p2_license(response).await? {
            Some(assignments) => {
                assert!(!assignments.is_empty());
                Ok(())
            }
            None => Ok(()),
        }
    }
}