in pkg/providers/az-client.go [130:163]
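// AssignSpRole grants the Azure RBAC role definition roleId to the service
// principal servicePrincipalObjectID, scoped to resourceGroup inside
// subscriptionId. The RoleAssignmentsClient is created lazily on first use
// and cached on az for later calls.
//
// The role to grant is chosen by the caller; prefer the least-privileged
// built-in role the workload actually needs over a broad one such as
// Contributor. Each call creates a new assignment under a fresh UUID, so the
// operation is not idempotent: retrying after a transient failure may yield
// a duplicate assignment or a conflict error from ARM.
//
// Returns an error when any argument is empty, when the client cannot be
// created, or when the create request fails. ctx bounds the API call.
func (az *AzClient) AssignSpRole(ctx context.Context, subscriptionId, resourceGroup, servicePrincipalObjectID, roleId string) error {
	// Validate before any network round-trip: an empty component would
	// silently produce a malformed resource ID such as
	// "/subscriptions//resourceGroups/..." and the API error would not point
	// at the real cause.
	switch {
	case subscriptionId == "":
		return fmt.Errorf("assigning role: subscription ID is empty")
	case resourceGroup == "":
		return fmt.Errorf("assigning role: resource group is empty")
	case servicePrincipalObjectID == "":
		return fmt.Errorf("assigning role: service principal object ID is empty")
	case roleId == "":
		return fmt.Errorf("assigning role: role definition ID is empty")
	}

	// The role is a parameter, so the message must not hard-code "contributor".
	log.Debug("Assigning role to service principal...")

	if az.RoleAssignClient == nil {
		c, err := armauthorization.NewRoleAssignmentsClient(subscriptionId, az.Credential, nil)
		if err != nil {
			return fmt.Errorf("failed to create role assignment client: %w", err)
		}
		az.RoleAssignClient = c
	}

	// scope already carries the leading "/", so the assignment ID is built
	// from it without prefixing another one; the previous format string
	// produced "//subscriptions/...".
	scope := fmt.Sprintf("/subscriptions/%s/resourceGroups/%s", subscriptionId, resourceGroup)
	fullAssignmentId := fmt.Sprintf("%s/providers/Microsoft.Authorization/roleAssignments/%s", scope, uuid.New().String())
	// NOTE(review): this is the tenant-level definition path; confirm callers
	// only pass IDs that resolve at that level (custom roles are defined
	// under a subscription).
	fullDefinitionId := fmt.Sprintf("/providers/Microsoft.Authorization/roleDefinitions/%s", roleId)

	// Presumably set explicitly so ARM does not have to resolve the principal
	// itself (a just-created SP may not be visible yet) — verify against the
	// caller's expectations.
	principalType := armauthorization.PrincipalTypeServicePrincipal
	parameters := armauthorization.RoleAssignmentCreateParameters{
		Properties: &armauthorization.RoleAssignmentProperties{
			PrincipalID:      &servicePrincipalObjectID,
			RoleDefinitionID: &fullDefinitionId,
			PrincipalType:    &principalType,
		},
	}

	if _, err := az.RoleAssignClient.CreateByID(ctx, fullAssignmentId, parameters, nil); err != nil {
		return fmt.Errorf("creating role assignment: %w", err)
	}
	log.Debug("Role assigned successfully!")
	return nil
}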