add role definition parsing support (#98)

src/definitions.rs

@@ -0,0 +1,65 @@
+use serde::{Deserialize, Serialize};
+
+#[derive(Deserialize, Debug, Serialize)]
+pub(crate) struct Definitions {
+    pub(crate) value: Vec<Definition>,
+}
+
+#[derive(Deserialize, Debug, Serialize)]
+#[serde(deny_unknown_fields)]
+pub struct Definition {
+    pub id: String,
+    pub name: String,
+    pub properties: Properties,
+    #[serde(rename = "type")]
+    pub type_: String,
+}
+
+#[derive(Deserialize, Debug, Serialize)]
+#[serde(rename_all = "camelCase")]
+#[serde(deny_unknown_fields)]
+pub struct Properties {
+    pub assignable_scopes: Vec<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub created_on: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub created_by: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub updated_on: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub updated_by: Option<String>,
+    pub description: String,
+    pub permissions: Vec<Permission>,
+    pub role_name: String,
+    #[serde(rename = "type")]
+    pub type_: String,
+}
+
+#[derive(Deserialize, Debug, Serialize)]
+#[serde(rename_all = "camelCase")]
+#[serde(deny_unknown_fields)]
+pub struct Permission {
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub actions: Option<Vec<String>>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub not_actions: Option<Vec<String>>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub data_actions: Option<Vec<String>>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub not_data_actions: Option<Vec<String>>,
+}
+
+#[cfg(test)]
+mod tests {
+    use super::Definitions;
+    use anyhow::Result;
+    use insta::assert_json_snapshot;
+
+    #[test]
+    fn test_deserialization() -> Result<()> {
+        const ROLES: &str = include_str!("../tests/data/definitions.json");
+        let definitions: Definitions = serde_json::from_str(ROLES)?;
+        assert_json_snapshot!(definitions);
+        Ok(())
+    }
+}

src/lib.rs

@@ -10,6 +10,7 @@
 
 pub mod activate;
 pub mod az_cli;
+mod definitions;
 pub mod interactive;
 mod latest;
 pub mod roles;

src/snapshots/azure_pim_cli__definitions__tests__deserialization.snap

@@ -0,0 +1,68 @@
+---
+source: src/definitions.rs
+expression: definitions
+---
+{
+  "value": [
+    {
+      "id": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/00000000-0000-0000-0000-000000000001",
+      "name": "00000000-0000-0000-0000-000000000001",
+      "properties": {
+        "assignableScopes": [
+          "/"
+        ],
+        "createdOn": "2018-11-29T18:46:55.0492387Z",
+        "updatedOn": "2018-11-29T18:46:55.0492387Z",
+        "description": "my custom role",
+        "permissions": [
+          {
+            "actions": [
+              "Microsoft.Compute/*/read",
+              "Microsoft.Network/*/read"
+            ],
+            "notActions": [],
+            "dataActions": [],
+            "notDataActions": []
+          }
+        ],
+        "roleName": "my custom name",
+        "type": "CustomRole"
+      },
+      "type": "Microsoft.Authorization/roleDefinitions"
+    },
+    {
+      "id": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/00000000-0000-0000-0000-000000000007",
+      "name": "00000000-0000-0000-0000-000000000007",
+      "properties": {
+        "assignableScopes": [
+          "/"
+        ],
+        "createdOn": "2017-12-21T00:01:24.7972312Z",
+        "updatedOn": "2021-11-11T20:13:54.9397456Z",
+        "description": "Allows for read, write and delete access to Azure Storage blob containers and data",
+        "permissions": [
+          {
+            "actions": [
+              "Microsoft.Storage/storageAccounts/blobServices/containers/delete",
+              "Microsoft.Storage/storageAccounts/blobServices/containers/read",
+              "Microsoft.Storage/storageAccounts/blobServices/containers/write",
+              "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
+            ],
+            "notActions": [],
+            "dataActions": [
+              "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
+              "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
+              "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write",
+              "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/action",
+              "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/add/action"
+            ],
+            "notDataActions": []
+          }
+        ],
+        "roleName": "Storage Blob Data Contributor",
+        "type": "BuiltInRole"
+      },
+      "type": "Microsoft.Authorization/roleDefinitions"
+    }
+  ]
+}

tests/data/definitions.json

@@ -0,0 +1,68 @@
+{
+  "value": [
+    {
+      "id": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/00000000-0000-0000-0000-000000000001",
+      "name": "00000000-0000-0000-0000-000000000001",
+      "properties": {
+        "assignableScopes": [
+          "/"
+        ],
+        "createdBy": null,
+        "createdOn": "2018-11-29T18:46:55.0492387Z",
+        "description": "my custom role",
+        "permissions": [
+          {
+            "actions": [
+              "Microsoft.Compute/*/read",
+              "Microsoft.Network/*/read"
+            ],
+            "dataActions": [],
+            "notActions": [],
+            "notDataActions": []
+          }
+        ],
+        "roleName": "my custom name",
+        "type": "CustomRole",
+        "updatedBy": null,
+        "updatedOn": "2018-11-29T18:46:55.0492387Z"
+      },
+      "type": "Microsoft.Authorization/roleDefinitions"
+    },
+    {
+      "id": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/00000000-0000-0000-0000-000000000007",
+      "name": "00000000-0000-0000-0000-000000000007",
+      "properties": {
+        "assignableScopes": [
+          "/"
+        ],
+        "createdBy": null,
+        "createdOn": "2017-12-21T00:01:24.7972312Z",
+        "description": "Allows for read, write and delete access to Azure Storage blob containers and data",
+        "permissions": [
+          {
+            "actions": [
+              "Microsoft.Storage/storageAccounts/blobServices/containers/delete",
+              "Microsoft.Storage/storageAccounts/blobServices/containers/read",
+              "Microsoft.Storage/storageAccounts/blobServices/containers/write",
+              "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
+            ],
+            "dataActions": [
+              "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
+              "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
+              "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write",
+              "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/action",
+              "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/add/action"
+            ],
+            "notActions": [],
+            "notDataActions": []
+          }
+        ],
+        "roleName": "Storage Blob Data Contributor",
+        "type": "BuiltInRole",
+        "updatedBy": null,
+        "updatedOn": "2021-11-11T20:13:54.9397456Z"
+      },
+      "type": "Microsoft.Authorization/roleDefinitions"
+    }
+  ]
+}