manicminer · manicminer · Mar 28, 2024 · Mar 9, 2024 · Mar 9, 2024 · Mar 9, 2024
diff --git a/internal/test/testing.go b/internal/test/testing.go
@@ -97,6 +97,7 @@ type Test struct {
 	AccessPackageClient                                     *msgraph.AccessPackageClient
 	AccessPackageResourceClient                             *msgraph.AccessPackageResourceClient
 	AccessPackageResourceRequestClient                      *msgraph.AccessPackageResourceRequestClient
+	AccessPackageResourceRoleClient                         *msgraph.AccessPackageResourceRoleClient
 	AccessPackageResourceRoleScopeClient                    *msgraph.AccessPackageResourceRoleScopeClient
 	AdministrativeUnitsClient                               *msgraph.AdministrativeUnitsClient
 	ApplicationTemplatesClient                              *msgraph.ApplicationTemplatesClient
@@ -228,6 +229,11 @@ func NewTest(t *testing.T) (c *Test) {
 	c.AccessPackageResourceRequestClient.BaseClient.Endpoint = *endpoint
 	c.AccessPackageAssignmentPolicyClient.BaseClient.RetryableClient.RetryMax = retry
 
+	c.AccessPackageResourceRoleClient = msgraph.NewAccessPackageResourceRoleClient()
+	c.AccessPackageResourceRoleClient.BaseClient.Authorizer = c.Connections["default"].Authorizer
+	c.AccessPackageResourceRoleClient.BaseClient.Endpoint = *endpoint
+	c.AccessPackageResourceRoleClient.BaseClient.RetryableClient.RetryMax = retry
+
 	c.AccessPackageResourceRoleScopeClient = msgraph.NewAccessPackageResourceRoleScopeClient()
 	c.AccessPackageResourceRoleScopeClient.BaseClient.Authorizer = c.Connections["default"].Authorizer
 	c.AccessPackageResourceRoleScopeClient.BaseClient.Endpoint = *endpoint

diff --git a/msgraph/accesspackageresourcerole.go b/msgraph/accesspackageresourcerole.go
@@ -0,0 +1,63 @@
+package msgraph
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+
+	"github.com/hashicorp/go-azure-sdk/sdk/odata"
+)
+
+type AccessPackageResourceRoleClient struct {
+	BaseClient Client
+}
+
+func NewAccessPackageResourceRoleClient() *AccessPackageResourceRoleClient {
+	return &AccessPackageResourceRoleClient{
+		BaseClient: NewClient(VersionBeta),
+	}
+}
+
+// List retrieves a list of AccessPackageResourceRoles for a specific accessPackageResource for a particular catalog / originSystem
+// This method requires us to use an Odata Filter / Expand to function correctly
+func (c *AccessPackageResourceRoleClient) List(ctx context.Context, catalogId string, originSystem AccessPackageResourceOriginSystem, accessPackageResourceId string) (*[]AccessPackageResourceRole, int, error) {
+	resp, status, _, err := c.BaseClient.Get(ctx, GetHttpRequestInput{
+		ConsistencyFailureFunc: RetryOn404ConsistencyFailureFunc,
+		OData: odata.Query{
+			Filter: fmt.Sprintf("originSystem eq '%s' and accessPackageResource/id eq '%s'", originSystem, accessPackageResourceId),
+			Expand: odata.Expand{
+				Relationship: "accessPackageResource",
+			},
+		},
+		ValidStatusCodes: []int{http.StatusOK},
+		Uri: Uri{
+			Entity: fmt.Sprintf("/identityGovernance/entitlementManagement/accessPackageCatalogs/%s/accessPackageResourceRoles", catalogId),
+		},
+	})
+	if err != nil {
+		return nil, status, fmt.Errorf("AccessPackageResourceRoleClient.BaseClient.Get(): %v", err)
+	}
+
+	defer resp.Body.Close()
+	respBody, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, status, fmt.Errorf("io.ReadAll(): %v", err)
+	}
+
+	var data struct {
+		AccessPackageResourceRoles []AccessPackageResourceRole `json:"value"`
+	}
+	if err := json.Unmarshal(respBody, &data); err != nil {
+		return nil, status, fmt.Errorf("json.Unmarshal(): %v", err)
+	}
+
+	AccessPackageResourceRoles := data.AccessPackageResourceRoles
+
+	if len(AccessPackageResourceRoles) == 0 {
+		return nil, http.StatusNotFound, fmt.Errorf("no AccessPackageResourceRoles found with catalogId %v, originSystem %v and accessPackageResourceId %v", catalogId, originSystem, accessPackageResourceId)
+	}
+
+	return &AccessPackageResourceRoles, status, nil
+}
diff --git a/msgraph/accesspackageresourcerole_test.go b/msgraph/accesspackageresourcerole_test.go
@@ -0,0 +1,169 @@
+package msgraph_test
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/manicminer/hamilton/internal/test"
+	"github.com/manicminer/hamilton/internal/utils"
+	"github.com/manicminer/hamilton/msgraph"
+)
+
+func TestAccessPackageResourceRoleClient(t *testing.T) {
+	c := test.NewTest(t)
+	defer c.CancelFunc()
+
+	self := testDirectoryObjectsClient_Get(t, c, c.Claims.ObjectId)
+
+	// Create group
+	aadGroup := testAccessPackageResourceRoleGroup_Create(t, c, msgraph.Owners{*self})
+
+	// Create test catalog
+	accessPackageCatalog := testAccessPackageResourceRoleCatalog_Create(t, c)
+
+	// Create access package
+	accessPackage := testAccessPackageResourceRoleAP_Create(t, c, msgraph.AccessPackage{
+		DisplayName: utils.StringPtr(fmt.Sprintf("test-accesspackage-%s", c.RandomString)),
+		Catalog: &msgraph.AccessPackageCatalog{
+			ID: accessPackageCatalog.ID,
+		},
+		Description: utils.StringPtr("Test Access Package"),
+		IsHidden:    utils.BoolPtr(false),
+	})
+
+	// Create Resource Request and poll for ID
+	accessPackageResourceRequest := testAccessPackageResourceRoleResourceRequest_Create(t, c, msgraph.AccessPackageResourceRequest{
+		CatalogId:   accessPackage.Catalog.ID,
+		RequestType: utils.StringPtr("AdminAdd"),
+		AccessPackageResource: &msgraph.AccessPackageResource{
+			OriginId:     aadGroup.ID(),
+			OriginSystem: msgraph.AccessPackageResourceOriginSystemAadGroup,
+			//ResourceType: utils.StringPtr("Security Group") // This is not mandatory for groups but is seen in sharepoint emails
+		},
+	}, true)
+
+	// Try to get roles for group we added to Catalog
+	testAccessPackageResourceRoleClient_List(t, c, *accessPackage.Catalog.ID, msgraph.AccessPackageResourceOriginSystemAadGroup, *accessPackageResourceRequest.AccessPackageResource.ID)
+
+	// Cleanup
+	testAccessPackageResourceRoleAP_Delete(t, c, *accessPackage.ID)
+	testAccessPackageResourceRoleResourceRequest_Delete(t, c, accessPackageResourceRequest)
+	testAccessPackageResourceRoleCatalog_Delete(t, c, *accessPackageCatalog.ID)
+	testAccessPackageResourceRoleGroup_Delete(t, c, aadGroup)
+}
+
+// AccessPackageResourceRole
+func testAccessPackageResourceRoleClient_List(t *testing.T, c *test.Test, catalogId string, originSystem msgraph.AccessPackageResourceOriginSystem, accessPackageResourceId string) (accessPackageResourceRoleScope *msgraph.AccessPackageResourceRoleScope) {
+	accessPackageResourceRole, status, err := c.AccessPackageResourceRoleClient.List(c.Context, catalogId, originSystem, accessPackageResourceId)
+	if err != nil {
+		t.Fatalf("AccessPackageResourceRequestClient.Get(): %v", err)
+	}
+	if status < 200 || status >= 300 {
+		t.Fatalf("AccessPackageResourceRequestClient.Get(): invalid status: %d", status)
+	}
+	if accessPackageResourceRole == nil {
+		t.Fatal("AccessPackageResourceRequestClient.Get(): policy was nil")
+	}
+	return
+}
+
+// AccessPackageResourceRequest
+func testAccessPackageResourceRoleResourceRequest_Create(t *testing.T, c *test.Test, a msgraph.AccessPackageResourceRequest, pollForId bool) (accessPackageResourceRequest *msgraph.AccessPackageResourceRequest) {
+	accessPackageResourceRequest, status, err := c.AccessPackageResourceRequestClient.Create(c.Context, a, pollForId)
+	if err != nil {
+		t.Fatalf("AccessPackageResourceRequestClient.Create(): %v", err)
+	}
+	if status < 200 || status >= 300 {
+		t.Fatalf("AccessPackageResourceRequestClient.Create(): invalid status: %d", status)
+	}
+	if accessPackageResourceRequest == nil {
+		t.Fatal("AccessPackageResourceRequestClient.Create(): accessPackageResourceRequest was nil")
+	}
+	if accessPackageResourceRequest.ID == nil {
+		t.Fatal("AccessPackageResourceRequestClient.Create(): accessPackageResourceRequest.ID was nil")
+	}
+	return
+}
+
+func testAccessPackageResourceRoleResourceRequest_Delete(t *testing.T, c *test.Test, accessPackageResourceRequest *msgraph.AccessPackageResourceRequest) {
+	status, err := c.AccessPackageResourceRequestClient.Delete(c.Context, *accessPackageResourceRequest)
+	if err != nil {
+		t.Fatalf("AccessPackageResourceRequestClient.Delete(): %v", err)
+	}
+	if status < 200 || status >= 300 {
+		t.Fatalf("AccessPackageResourceRequestClient.Delete(): invalid status: %d", status)
+	}
+}
+
+// AccessPackage
+func testAccessPackageResourceRoleAP_Create(t *testing.T, c *test.Test, a msgraph.AccessPackage) (accessPackage *msgraph.AccessPackage) {
+	accessPackage, status, err := c.AccessPackageClient.Create(c.Context, a)
+	if err != nil {
+		t.Fatalf("AccessPackageClient.Create(): %v", err)
+	}
+	if status < 200 || status >= 300 {
+		t.Fatalf("AccessPackageClient.Create(): invalid status: %d", status)
+	}
+	if accessPackage == nil {
+		t.Fatal("AccessPackageClient.Create(): accessPackage was nil")
+	}
+	if accessPackage.ID == nil {
+		t.Fatal("AccessPackageClient.Create(): accessPackage.ID was nil")
+	}
+	return
+}
+
+func testAccessPackageResourceRoleAP_Delete(t *testing.T, c *test.Test, id string) {
+	status, err := c.AccessPackageClient.Delete(c.Context, id)
+	if err != nil {
+		t.Fatalf("AccessPackageClient.Delete(): %v", err)
+	}
+	if status < 200 || status >= 300 {
+		t.Fatalf("AccessPackageClient.Delete(): invalid status: %d", status)
+	}
+}
+
+// AccessPackageCatalog
+func testAccessPackageResourceRoleCatalog_Create(t *testing.T, c *test.Test) (accessPackageCatalog *msgraph.AccessPackageCatalog) {
+	accessPackageCatalog, _, err := c.AccessPackageCatalogClient.Create(c.Context, msgraph.AccessPackageCatalog{
+		DisplayName:         utils.StringPtr(fmt.Sprintf("test-catalog-%s", c.RandomString)),
+		CatalogType:         msgraph.AccessPackageCatalogTypeUserManaged,
+		State:               msgraph.AccessPackageCatalogStatePublished,
+		Description:         utils.StringPtr("Test Access Catalog"),
+		IsExternallyVisible: utils.BoolPtr(false),
+	})
+
+	if err != nil {
+		t.Fatalf("AccessPackageCatalogClient.Create() - Could not create test AccessPackage catalog: %v", err)
+	}
+	return
+}
+
+func testAccessPackageResourceRoleCatalog_Delete(t *testing.T, c *test.Test, id string) {
+	_, err := c.AccessPackageCatalogClient.Delete(c.Context, id)
+	if err != nil {
+		t.Fatalf("AccessPackageCatalogClient.Delete() - Could not delete test AccessPackage catalog")
+	}
+}
+
+func testAccessPackageResourceRoleGroup_Create(t *testing.T, c *test.Test, self msgraph.Owners) (group *msgraph.Group) {
+	group, _, err := c.GroupsClient.Create(c.Context, msgraph.Group{
+		DisplayName:     utils.StringPtr(fmt.Sprintf("%s-%s", "testapresourcerequest", c.RandomString)),
+		MailEnabled:     utils.BoolPtr(false),
+		MailNickname:    utils.StringPtr(fmt.Sprintf("%s-%s", "testapresourcerequest", c.RandomString)),
+		SecurityEnabled: utils.BoolPtr(true),
+		Owners:          &self,
+	})
+
+	if err != nil {
+		t.Fatalf("GroupsClient.Create() - Could not create test group: %v", err)
+	}
+	return
+}
+
+func testAccessPackageResourceRoleGroup_Delete(t *testing.T, c *test.Test, group *msgraph.Group) {
+	_, err := c.GroupsClient.Delete(c.Context, *group.ID())
+	if err != nil {
+		t.Fatalf("GroupsClient.Delete() - Could not delete test group: %v", err)
+	}
+}