func()

in pkg/cloud/roleassignments.go [20:57]


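// CreateRoleAssignment grants the role named roleName to principalID at the
// given scope and returns the assignment Azure created.
//
// The role definition is resolved by name first (GetRoleDefinitionIDByName is
// called with an empty scope here). Because a freshly created service
// principal takes time to propagate, the Create call is retried up to
// roleAssignmentCreateRetryCount times with roleAssignmentCreateRetryDelay
// between attempts; the wait is abandoned if ctx is cancelled.
//
// Returns the created RoleAssignment on success. On failure the RoleAssignment
// is the zero value and the error is one of:
//   - the wrapped lookup error when the role definition cannot be resolved;
//   - the original Azure error, unwrapped, when the assignment already exists
//     (callers can recognise it with IsRoleAssignmentExists);
//   - ctx.Err() when the context is cancelled while waiting to retry;
//   - the error from the final attempt when every attempt fails.
//
// Each attempt uses a fresh random UUID as the assignment name, so attempts
// are not idempotent by name; Azure de-duplicates on (scope, principal, role
// definition), which is what surfaces as the "already exists" error above.
func (c *AzureClient) CreateRoleAssignment(ctx context.Context, scope, roleName, principalID string) (armauthorization.RoleAssignment, error) {
	var result armauthorization.RoleAssignment

	roleDefinitionID, err := c.GetRoleDefinitionIDByName(ctx, "", roleName)
	if err != nil {
		return result, errors.Wrapf(err, "failed to get role definition id for role %s", roleName)
	}

	mlog.Debug("Creating role assignment",
		"principalID", principalID,
		"role", roleName,
	)

	parameters := armauthorization.RoleAssignmentCreateParameters{
		Properties: &armauthorization.RoleAssignmentProperties{
			RoleDefinitionID: roleDefinitionID.ID,
			PrincipalID:      to.Ptr(principalID),
		},
	}

	// Adding retries to handle the propagation delay of the service principal.
	// Trying to create role assignment immediately after service principal is created
	// results in "PrincipalNotFound" error.
	//
	// lastErr is kept outside the loop on purpose. Re-declaring err with := inside
	// the loop would shadow the outer err (which is nil at this point), and the
	// fall-through return below would then report success with a zero assignment
	// after every attempt had failed — the caller would believe the principal
	// holds the role when it does not. Note that every error is retried, not only
	// PrincipalNotFound; a permanent failure simply costs the full retry budget.
	var lastErr error
	for attempt := 0; attempt < roleAssignmentCreateRetryCount; attempt++ {
		resp, createErr := c.roleAssignmentsClient.Create(ctx, scope, uuid.New().String(), parameters, nil)
		if createErr == nil {
			return resp.RoleAssignment, nil
		}
		lastErr = createErr

		if IsRoleAssignmentExists(createErr) {
			mlog.Warning("Role assignment already exists", "principalID", principalID, "role", roleName)
			return result, createErr
		}

		// No point sleeping after the final attempt.
		if attempt == roleAssignmentCreateRetryCount-1 {
			break
		}

		// Wait for the propagation delay, but stop early if the caller gives up:
		// a bare time.Sleep cannot be cancelled and would hold the caller for the
		// whole retry budget.
		timer := time.NewTimer(roleAssignmentCreateRetryDelay)
		select {
		case <-ctx.Done():
			timer.Stop()
			return result, ctx.Err()
		case <-timer.C:
		}
	}

	return result, lastErr
}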