approle_assignments_test_support.go
package azuretestsupport
import (
"github.com/google/uuid"
"github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure"
"github.com/hexa-org/policy-orchestrator/internal/orchestratorproviders/microsoftazure/azad"
"github.com/hexa-org/policy-orchestrator/internal/policysupport"
"github.com/hexa-org/policy-orchestrator/pkg/testsupport/policytestsupport"
"sort"
)
// Canned app-role assignment fixtures shared by tests. Every entry is built
// with NewAppRoleAssignments, so each one gets a random ID generated when the
// package is initialised and ServicePrincipalId as its ResourceId.
var (
	// AppRoleAssignmentGetHrUsAndProfile pairs the principal
	// UserIdGetHrUsAndProfile with both the GetHrUs and GetProfile roles.
	AppRoleAssignmentGetHrUsAndProfile = []azad.AzureAppRoleAssignment{
		NewAppRoleAssignments(AppRoleIdGetHrUs, policytestsupport.UserIdGetHrUsAndProfile),
		NewAppRoleAssignments(AppRoleIdGetProfile, policytestsupport.UserIdGetHrUsAndProfile),
	}

	// AppRoleAssignmentGetHrUs pairs UserIdGetHrUs with the GetHrUs role only.
	AppRoleAssignmentGetHrUs = []azad.AzureAppRoleAssignment{
		NewAppRoleAssignments(AppRoleIdGetHrUs, policytestsupport.UserIdGetHrUs),
	}

	// AppRoleAssignmentGetProfile pairs UserIdGetProfile with the GetProfile
	// role only.
	AppRoleAssignmentGetProfile = []azad.AzureAppRoleAssignment{
		NewAppRoleAssignments(AppRoleIdGetProfile, policytestsupport.UserIdGetProfile),
	}

	// AppRoleAssignmentMultipleMembers assigns the GetHrUs role to two
	// different principals.
	AppRoleAssignmentMultipleMembers = []azad.AzureAppRoleAssignment{
		NewAppRoleAssignments(AppRoleIdGetHrUs, policytestsupport.UserIdGetHrUs),
		NewAppRoleAssignments(AppRoleIdGetHrUs, policytestsupport.UserIdGetHrUsAndProfile),
	}

	// AppRoleAssignmentForAdd assigns the GetProfile role to UserIdUnassigned1
	// and UserIdUnassigned2, neither of which appears in AppRoleAssignments.
	AppRoleAssignmentForAdd = []azad.AzureAppRoleAssignment{
		NewAppRoleAssignments(AppRoleIdGetProfile, policytestsupport.UserIdUnassigned1),
		NewAppRoleAssignments(AppRoleIdGetProfile, policytestsupport.UserIdUnassigned2),
	}

	// AppRoleAssignments is the combined fixture: four role/principal pairs
	// across the GetHrUs and GetProfile roles.
	AppRoleAssignments = []azad.AzureAppRoleAssignment{
		NewAppRoleAssignments(AppRoleIdGetHrUs, policytestsupport.UserIdGetHrUs),
		NewAppRoleAssignments(AppRoleIdGetProfile, policytestsupport.UserIdGetProfile),
		NewAppRoleAssignments(AppRoleIdGetHrUs, policytestsupport.UserIdGetHrUsAndProfile),
		NewAppRoleAssignments(AppRoleIdGetProfile, policytestsupport.UserIdGetHrUsAndProfile),
	}
)
// NewAppRoleAssignments builds a single AzureAppRoleAssignment (the name is
// plural, the result is one value) that binds principalId to appRoleId on the
// package's ServicePrincipalId resource.
//
// The ID is a fresh random UUID on every call, so two assignments created for
// the same role/principal pair differ in ID. Tests that compare assignments
// should compare the other fields, or strip the ID first (see
// AssignmentsWithoutId).
func NewAppRoleAssignments(appRoleId AppRoleId, principalId string) azad.AzureAppRoleAssignment {
	var assignment azad.AzureAppRoleAssignment
	assignment.ID = uuid.NewString()
	assignment.AppRoleId = string(appRoleId)
	assignment.PrincipalId = principalId
	assignment.ResourceId = ServicePrincipalId
	return assignment
}
// MakeAssignments wraps assignments in an azad.AzureAppRoleAssignments value.
// The slice is stored as-is in List, not copied, so the result shares its
// backing array with the argument.
func MakeAssignments(assignments []azad.AzureAppRoleAssignment) azad.AzureAppRoleAssignments {
	var wrapped azad.AzureAppRoleAssignments
	wrapped.List = assignments
	return wrapped
}
// AssignmentsWithoutId returns a new slice with one entry per input
// assignment, copying only AppRoleId, PrincipalId and ResourceId. ID (and any
// other field) is left at its zero value, which removes the random per-call
// UUID and makes the entries comparable across fixtures.
//
// The result is always a non-nil slice, even for empty input.
func AssignmentsWithoutId(assignments []azad.AzureAppRoleAssignment) []azad.AzureAppRoleAssignment {
	stripped := make([]azad.AzureAppRoleAssignment, 0)
	for i := range assignments {
		stripped = append(stripped, azad.AzureAppRoleAssignment{
			AppRoleId:   assignments[i].AppRoleId,
			PrincipalId: assignments[i].PrincipalId,
			ResourceId:  assignments[i].ResourceId,
		})
	}
	return stripped
}
// AssignmentsForDelete returns a new slice with one entry per input
// assignment, copying only AppRoleId and ResourceId. ID and PrincipalId are
// left at their zero values.
// NOTE(review): presumably this mirrors the shape the delete path produces;
// confirm against the callers, which are not visible in this file.
//
// The result is always a non-nil slice, even for empty input.
func AssignmentsForDelete(assignments []azad.AzureAppRoleAssignment) []azad.AzureAppRoleAssignment {
	trimmed := make([]azad.AzureAppRoleAssignment, 0)
	for i := range assignments {
		trimmed = append(trimmed, azad.AzureAppRoleAssignment{
			AppRoleId:  assignments[i].AppRoleId,
			ResourceId: assignments[i].ResourceId,
		})
	}
	return trimmed
}
// MakePolicies converts assignments into policysupport.PolicyInfo values by
// running them through an Azure policy mapper. The mapper is built from the
// package's AzureServicePrincipals fixture and the principal/email map from
// policytestsupport, and the policies are whatever its ToIDQL method returns.
func MakePolicies(assignments []azad.AzureAppRoleAssignment) []policysupport.PolicyInfo {
	servicePrincipals := AzureServicePrincipals()
	principalEmails := policytestsupport.MakePrincipalEmailMap()
	mapper := microsoftazure.NewAzurePolicyMapper(servicePrincipals, assignments, principalEmails)
	return mapper.ToIDQL()
}
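// SortAssignments returns a sorted copy of orig, ordered by AppRoleId and then
// by PrincipalId. The input slice is not modified. The result is always a
// non-nil slice, even for empty input.
//
// Entries that are equal in both AppRoleId and PrincipalId may appear in any
// relative order, because sort.Slice is not a stable sort.
func SortAssignments(orig []azad.AzureAppRoleAssignment) []azad.AzureAppRoleAssignment {
	// Copy first so the caller's slice keeps its original order.
	sorted := make([]azad.AzureAppRoleAssignment, 0, len(orig))
	sorted = append(sorted, orig...)
	sort.Slice(sorted, func(i, j int) bool {
		if sorted[i].AppRoleId != sorted[j].AppRoleId {
			return sorted[i].AppRoleId < sorted[j].AppRoleId
		}
		// Strict "<" rather than "<=": a less function has to report false
		// for equal elements, otherwise it is not a consistent ordering for
		// sort.Slice.
		return sorted[i].PrincipalId < sorted[j].PrincipalId
	})
	return sorted
}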