azure-workload-identity/pkg/cloud/roledefinitions.go

package cloud

import (
	"context"
	"fmt"

	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization"
	"github.com/pkg/errors"
	"monis.app/mlog"
)

// GetRoleDefinitionIDByName returns the role definition ID for the given role name.
func (c *AzureClient) GetRoleDefinitionIDByName(ctx context.Context, scope, roleName string) (armauthorization.RoleDefinition, error) {
	mlog.Debug("Get role definition ID", "name", roleName)

	filter := getRoleNameFilter(roleName)
	pager := c.roleDefinitionsClient.NewListPager(scope, &armauthorization.RoleDefinitionsClientListOptions{
		Filter: &filter,
	})

	for pager.More() {
		nextResult, err := pager.NextPage(ctx)
		if err != nil {
			return armauthorization.RoleDefinition{}, errors.Wrap(err, "failed to list role definitions")
		}
		if len(nextResult.Value) > 0 {
			return *nextResult.Value[0], nil
		}
	}

	return armauthorization.RoleDefinition{}, errors.Errorf("role definition %s not found", roleName)
}

// getRoleNameFilter returns a filter string for the given role name.
// Supported filters are either roleName eq '{value}' or type eq 'BuiltInRole|CustomRole'."
func getRoleNameFilter(roleName string) string {
	return fmt.Sprintf("roleName eq '%s'", roleName)
}