-
Notifications
You must be signed in to change notification settings - Fork 545
Expand file tree
/
Copy pathRoleAssignmentListCommand.cs
More file actions
77 lines (66 loc) · 2.84 KB
/
Copy pathRoleAssignmentListCommand.cs
File metadata and controls
77 lines (66 loc) · 2.84 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
using Azure.Mcp.Core.Commands.Subscription;
using Azure.Mcp.Tools.Authorization.Models;
using Azure.Mcp.Tools.Authorization.Options;
using Azure.Mcp.Tools.Authorization.Services;
using Microsoft.Extensions.Logging;
using Microsoft.Mcp.Core.Commands;
using Microsoft.Mcp.Core.Extensions;
using Microsoft.Mcp.Core.Models.Command;
using Microsoft.Mcp.Core.Models.Option;
namespace Azure.Mcp.Tools.Authorization.Commands;
[CommandMetadata(
Id = "1dfbef45-4014-4575-a9ba-2242bc792e54",
Name = "list",
Title = "List Role Assignments",
Description = """
List all Azure RBAC role assignments in the specified scope. Results include role definition IDs and principal IDs, returned as a JSON array.
""",
Destructive = false,
Idempotent = true,
OpenWorld = false,
ReadOnly = true,
Secret = false,
LocalRequired = false)]
public sealed class RoleAssignmentListCommand(ILogger<RoleAssignmentListCommand> logger, IAuthorizationService authorizationService) : SubscriptionCommand<RoleAssignmentListOptions>
{
private readonly ILogger<RoleAssignmentListCommand> _logger = logger;
private readonly IAuthorizationService _authorizationService = authorizationService;
protected override void RegisterOptions(Command command)
{
base.RegisterOptions(command);
command.Options.Add(OptionDefinitions.Authorization.Scope);
}
protected override RoleAssignmentListOptions BindOptions(ParseResult parseResult)
{
var args = base.BindOptions(parseResult);
args.Scope = parseResult.GetValueOrDefault<string>(OptionDefinitions.Authorization.Scope.Name);
return args;
}
public override async Task<CommandResponse> ExecuteAsync(CommandContext context, ParseResult parseResult, CancellationToken cancellationToken)
{
if (!Validate(parseResult.CommandResult, context.Response).IsValid)
{
return context.Response;
}
var options = BindOptions(parseResult);
try
{
var assignments = await _authorizationService.ListRoleAssignmentsAsync(
options.Subscription!,
options.Scope!,
options.Tenant,
options.RetryPolicy,
cancellationToken);
context.Response.Results = ResponseResult.Create(new(assignments?.Results ?? [], assignments?.AreResultsTruncated ?? false), AuthorizationJsonContext.Default.RoleAssignmentListCommandResult);
}
catch (Exception ex)
{
_logger.LogError(ex, "An exception occurred listing role assignments.");
HandleException(context, ex);
}
return context.Response;
}
internal record RoleAssignmentListCommandResult(List<RoleAssignment> Assignments, bool AreResultsTruncated);
}