in pkg/infrastructure/spRoleAssignmentManager/defaultSPRoleAssignmentManager.go [81:161]
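// createUpdateCustomRole creates or updates the Azure custom role definition
// described by role, assignable at the given subscription scope only, with
// exactly the supplied permissions as "actions" (dataActions, notActions and
// notDataActions are sent empty). It issues a PUT to the Azure Management
// roleDefinitions API authenticated with the default API bearer token from
// r.azAPIClient.
//
// It returns an error when the request body cannot be marshalled, the token
// cannot be obtained, the request cannot be sent, the response body cannot be
// read, the service reports InvalidActionOrNotAction, or the response status
// is outside 2xx. A nil return therefore means the API acknowledged the
// definition; previously a non-2xx reply without that error code was reported
// as success.
func (r *SPRoleAssignmentManager) createUpdateCustomRole(subscription string, role domain.Role, permissions []string) error {
	// rgScope := fmt.Sprintf("/subscriptions/%s/resourceGroups/%s", subscription, resourceGroupName)
	subScope := fmt.Sprintf("/subscriptions/%s", subscription)
	data := map[string]interface{}{
		"assignableScopes": []string{
			// rgScope,
			subScope,
		},
		"description": role.RoleDefinitionName,
		"id":          role.RoleDefinitionResourceID,
		"name":        role.RoleDefinitionID,
		"permissions": []map[string]interface{}{
			{
				"actions":        permissions,
				"dataActions":    []string{},
				"notActions":     []string{},
				"notDataActions": []string{},
			},
		},
		"roleName": role.RoleDefinitionName,
		"roleType": "CustomRole",
		// "type": "Microsoft.Authorization/roleDefinitions",
	}
	properties := map[string]interface{}{
		"properties": data,
	}
	jsonData, err := json.Marshal(properties)
	if err != nil {
		return err
	}
	// The request body holds only the role definition, no credentials, so
	// logging it at debug level is acceptable.
	log.Debugf("jsonString: %s", string(jsonData))

	endpoint := fmt.Sprintf("https://management.azure.com/subscriptions/%s/providers/Microsoft.Authorization/roleDefinitions/%s?api-version=2018-01-01-preview", subscription, role.RoleDefinitionID)
	// TODO(review): give the client a Timeout so a stalled management API
	// call cannot block the caller indefinitely (requires the time package).
	client := &http.Client{}
	req, err := http.NewRequest("PUT", endpoint, bytes.NewReader(jsonData))
	if err != nil {
		return err
	}
	req.Header.Set("Content-Type", "application/json")
	req.Header.Set("Accept", "application/json")
	req.Header.Set("User-Agent", "Go HTTP Client")

	defaultApiBearerToken, err := r.azAPIClient.GetDefaultAPIBearerToken()
	if err != nil {
		return err
	}
	// The token is only ever placed in the header; it is intentionally never
	// logged or included in error messages.
	req.Header.Add("Authorization", "Bearer "+defaultApiBearerToken)

	resp, err := client.Do(req)
	if err != nil {
		return err
	}
	// Always release the body so the transport can reuse the connection.
	defer resp.Body.Close()

	body, err := io.ReadAll(resp.Body)
	if err != nil {
		return err
	}
	log.Debugln(string(body))

	// Keep the specific error first so existing callers that match on this
	// message continue to see it.
	if strings.Contains(string(body), "InvalidActionOrNotAction") {
		return fmt.Errorf("InvalidActionOrNotAction: %s", string(body))
	}
	// Any other non-2xx reply means the definition was not created/updated;
	// reporting success here would leave the caller assuming permissions that
	// were never granted.
	if resp.StatusCode < 200 || resp.StatusCode > 299 {
		return fmt.Errorf("PUT role definition %s: unexpected status %s: %s", role.RoleDefinitionID, resp.Status, string(body))
	}
	return nil
}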