add support for directory role activation

manicminer · Apr 14, 2021 · a57339d · a57339d
1 parent aa88cc4
commit a57339d
Show file tree

Hide file tree

Showing 2 changed files with 104 additions and 7 deletions.
diff --git a/msgraph/directory_role_templates_test.go b/msgraph/directory_role_templates_test.go
@@ -15,15 +15,31 @@ type DirectoryRoleTemplatesClientTest struct {
 }
 
 func TestDirectoryRoleTemplatesClient(t *testing.T) {
-	c := DirectoryRoleTemplatesClientTest{
+	rs := test.RandomString()
+	// set up directory role templates test client
+	dirRoleTemplatesClient := DirectoryRoleTemplatesClientTest{
 		connection:   test.NewConnection(auth.MsGraph, auth.TokenVersion2),
-		randomString: test.RandomString(),
+		randomString: rs,
 	}
-	c.client = msgraph.NewDirectoryRoleTemplatesClient(c.connection.AuthConfig.TenantID)
-	c.client.BaseClient.Authorizer = c.connection.Authorizer
+	dirRoleTemplatesClient.client = msgraph.NewDirectoryRoleTemplatesClient(dirRoleTemplatesClient.connection.AuthConfig.TenantID)
+	dirRoleTemplatesClient.client.BaseClient.Authorizer = dirRoleTemplatesClient.connection.Authorizer
 
-	directoryRoleTemplates := testDirectoryRoleTemplatesClient_List(t, c)
-	testDirectoryRoleTemplatesClient_Get(t, c, *(*directoryRoleTemplates)[0].ID)
+	// set up directory roles test client
+	dirRolesClient := DirectoryRolesClientTest{
+		connection:   test.NewConnection(auth.MsGraph, auth.TokenVersion2),
+		randomString: rs,
+	}
+	dirRolesClient.client = msgraph.NewDirectoryRolesClient(dirRolesClient.connection.AuthConfig.TenantID)
+	dirRolesClient.client.BaseClient.Authorizer = dirRolesClient.connection.Authorizer
+
+	// list all directory roles available in the tenant
+	directoryRoleTemplates := testDirectoryRoleTemplatesClient_List(t, dirRoleTemplatesClient)
+	testDirectoryRoleTemplatesClient_Get(t, dirRoleTemplatesClient, *(*directoryRoleTemplates)[0].ID)
+
+	// activate a directory role in the tenant using role template id if not already activated
+	// https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference
+	globalAdministratorRoleId := "62e90394-69f5-4237-9190-012177145e10"
+	testDirectoryRolesClient_Activate(t, dirRolesClient, globalAdministratorRoleId)
 }
 
 func testDirectoryRoleTemplatesClient_List(t *testing.T, c DirectoryRoleTemplatesClientTest) (directoryRoleTemplates *[]msgraph.DirectoryRoleTemplate) {
@@ -50,3 +66,45 @@ func testDirectoryRoleTemplatesClient_Get(t *testing.T, c DirectoryRoleTemplates
 	}
 	return
 }
+
+func testDirectoryRolesClient_Activate(t *testing.T, c DirectoryRolesClientTest, roleTemplateId string) (directoryRole *msgraph.DirectoryRole) {
+	// list all activated directory roles in the tenant
+	directoryRoles, _, err := c.client.List(c.connection.Context)
+	if err != nil {
+		t.Fatalf("DirectoryRolesClient.List(): %v", err)
+	}
+	if directoryRoles == nil {
+		t.Fatal("DirectoryRolesClient.List(): directoryRoles was nil")
+	}
+
+	// helper function to find activate directory role by role template id
+	// api does not support retrieving directory role by role template id; it does not support the OData Query Parameters
+	findDirRoleByRoleTemplateId := func(directoryRoles []msgraph.DirectoryRole, roleTemplatedId string) *msgraph.DirectoryRole {
+		for _, dirRole := range directoryRoles {
+			if dirRole.RoleTemplateId != nil && (*dirRole.RoleTemplateId) == roleTemplateId {
+				return &dirRole
+			}
+		}
+		return nil
+	}
+
+	if dirRole := findDirRoleByRoleTemplateId(*directoryRoles, roleTemplateId); dirRole != nil {
+		// directory role is already active in the tenant; call to activate directory role in the tenant would fail
+		t.Logf("directory role with %s template id is already active in the tenant\n", roleTemplateId)
+		return
+	}
+
+	// attempt to activate directory role only if it is not already activated in the tenant
+	t.Log("activating DirectoryRolesClientTest", roleTemplateId)
+	directoryRole, status, err := c.client.Activate(c.connection.Context, roleTemplateId)
+	if err != nil {
+		t.Fatalf("DirectoryRolesClient.Activate(): %v", err)
+	}
+	if status < 200 || status >= 300 {
+		t.Fatalf("DirectoryRolesClient.Activate(): invalid status: %d", status)
+	}
+	if directoryRole == nil {
+		t.Fatal("DirectoryRolesClient.Activate(): directoryRole was nil")
+	}
+	return
+}
diff --git a/msgraph/directory_roles.go b/msgraph/directory_roles.go
@@ -25,7 +25,7 @@ func NewDirectoryRolesClient(tenantId string) *DirectoryRolesClient {
 	}
 }
 
-// List returns a list of DirectoryRoles.
+// List returns a list of DirectoryRoles activated in the tenant.
 func (c *DirectoryRolesClient) List(ctx context.Context) (*[]DirectoryRole, int, error) {
 	resp, status, _, err := c.BaseClient.Get(ctx, GetHttpRequestInput{
 		ValidStatusCodes: []int{http.StatusOK},
@@ -220,3 +220,42 @@ func (c *DirectoryRolesClient) GetMember(ctx context.Context, directoryRoleId, m
 	}
 	return &data.Id, status, nil
 }
+
+// Activate activates a directory role. To read a directory role or update its members, it must first be activated in the tenant using role template id.
+// This method will fail if directory role is already activated in the tenant.
+// We could consider to list all directory roles firstly and check if the directory role exists. Activating it only if it does not exists.
+// Not ideal solution. API does not support retrieving directory role by role template id; it does not support does not support the OData Query Parameters.
+func (c *DirectoryRolesClient) Activate(ctx context.Context, roleTemplateID string) (*DirectoryRole, int, error) {
+	var status int
+	data := struct {
+		RoleTemplateID string `json:"roleTemplateId"`
+	}{
+		RoleTemplateID: roleTemplateID,
+	}
+	body, err := json.Marshal(data)
+	if err != nil {
+		return nil, status, fmt.Errorf("json.Marshal(): %v", err)
+	}
+
+	resp, status, _, err := c.BaseClient.Post(ctx, PostHttpRequestInput{
+		Body:             body,
+		ValidStatusCodes: []int{http.StatusCreated},
+		Uri: Uri{
+			Entity:      "/directoryRoles",
+			HasTenantId: true,
+		},
+	})
+	if err != nil {
+		return nil, status, fmt.Errorf("DirectoryRolesClient.BaseClient.Post(): %v", err)
+	}
+	defer resp.Body.Close()
+	respBody, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return nil, status, fmt.Errorf("ioutil.ReadAll(): %v", err)
+	}
+	var newDirRole DirectoryRole
+	if err := json.Unmarshal(respBody, &newDirRole); err != nil {
+		return nil, status, fmt.Errorf("json.Unmarshal(): %v", err)
+	}
+	return &newDirRole, status, nil
+}