feat(resources): Add Role Management Policy Assignments (#12557)

erezrokah · web-flow · commit 124d7f10d798 · 2023-08-02T07:14:12.000Z
#### Summary Fixes #7889 I'm getting a `The tenant has not onboarded to PIM` when trying to sync this table. The API is quite straightforward so seems like a setup/permissions issue. <!--
diff --git a/plugins/source/azure/docs/tables/README.md b/plugins/source/azure/docs/tables/README.md
@@ -254,6 +254,7 @@
 - [azure_resources_links](../../../../../website/tables/azure/azure_resources_links.md)
 - [azure_resources_resource_groups](../../../../../website/tables/azure/azure_resources_resource_groups.md)
 - [azure_resources_resources](../../../../../website/tables/azure/azure_resources_resources.md)
+- [azure_role_management_policy_assignments](../../../../../website/tables/azure/azure_role_management_policy_assignments.md)
 - [azure_saas_resources](../../../../../website/tables/azure/azure_saas_resources.md)
 - [azure_search_services](../../../../../website/tables/azure/azure_search_services.md)
 - [azure_security_alerts](../../../../../website/tables/azure/azure_security_alerts.md)
diff --git a/plugins/source/azure/resources/plugin/tables.go b/plugins/source/azure/resources/plugin/tables.go
@@ -123,6 +123,7 @@ func getTables() schema.Tables {
 		authorization.ProviderOperationsMetadata(),
 		authorization.RoleAssignments(),
 		authorization.RoleDefinitions(),
+		authorization.RoleManagementPolicyAssignments(),
 		automation.Account(),
 		azurearcdata.PostgresInstances(),
 		azurearcdata.SqlManagedInstances(),
diff --git a/plugins/source/azure/resources/services/authorization/role_management_policy_assignments.go b/plugins/source/azure/resources/services/authorization/role_management_policy_assignments.go
@@ -0,0 +1,40 @@
+package authorization
+
+import (
+	"context"
+
+	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2"
+	"github.com/cloudquery/cloudquery/plugins/source/azure/client"
+	"github.com/cloudquery/plugin-sdk/v4/schema"
+	"github.com/cloudquery/plugin-sdk/v4/transformers"
+)
+
+func RoleManagementPolicyAssignments() *schema.Table {
+	return &schema.Table{
+		Name:                 "azure_role_management_policy_assignments",
+		Resolver:             fetchRoleManagementPolicyAssignments,
+		PostResourceResolver: client.LowercaseIDResolver,
+		Description:          "https://learn.microsoft.com/en-us/rest/api/authorization/role-management-policy-assignments/list-for-scope?tabs=HTTP#rolemanagementpolicyassignment",
+		Multiplex:            client.SubscriptionMultiplexRegisteredNamespace("azure_role_management_policy_assignments", client.Namespacemicrosoft_authorization),
+		Transform:            transformers.TransformWithStruct(&armauthorization.RoleManagementPolicyAssignment{}, transformers.WithPrimaryKeys("ID")),
+		Columns:              schema.ColumnList{client.SubscriptionID},
+	}
+}
+
+func fetchRoleManagementPolicyAssignments(ctx context.Context, meta schema.ClientMeta, parent *schema.Resource, res chan<- any) error {
+	cl := meta.(*client.Client)
+	svc, err := armauthorization.NewRoleManagementPolicyAssignmentsClient(cl.Creds, cl.Options)
+	if err != nil {
+		return err
+	}
+	scope := "/subscriptions/" + cl.SubscriptionId
+	pager := svc.NewListForScopePager(scope, nil)
+	for pager.More() {
+		p, err := pager.NextPage(ctx)
+		if err != nil {
+			return err
+		}
+		res <- p.Value
+	}
+	return nil
+}
diff --git a/plugins/source/azure/resources/services/authorization/role_management_policy_assignments_test.go b/plugins/source/azure/resources/services/authorization/role_management_policy_assignments_test.go
@@ -0,0 +1,39 @@
+package authorization
+
+import (
+	"encoding/json"
+	"net/http"
+	"testing"
+
+	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2"
+	"github.com/cloudquery/cloudquery/plugins/source/azure/client"
+
+	"github.com/cloudquery/plugin-sdk/v4/faker"
+	"github.com/gorilla/mux"
+)
+
+func createRoleManagementPolicyAssignments(router *mux.Router) error {
+	var item armauthorization.RoleManagementPolicyAssignmentsClientListForScopeResponse
+	if err := faker.FakeObject(&item); err != nil {
+		return err
+	}
+
+	emptyStr := ""
+	item.NextLink = &emptyStr
+	router.HandleFunc("/subscriptions/"+client.TestSubscription+"/providers/Microsoft.Authorization/roleManagementPolicyAssignments", func(w http.ResponseWriter, r *http.Request) {
+		b, err := json.Marshal(&item)
+		if err != nil {
+			http.Error(w, "unable to marshal request: "+err.Error(), http.StatusBadRequest)
+			return
+		}
+		if _, err := w.Write(b); err != nil {
+			http.Error(w, "failed to write", http.StatusBadRequest)
+			return
+		}
+	})
+	return nil
+}
+
+func TestRoleManagementPolicyAssignments(t *testing.T) {
+	client.MockTestHelper(t, RoleManagementPolicyAssignments(), createRoleManagementPolicyAssignments)
+}
diff --git a/website/pages/docs/plugins/sources/azure/tables.md b/website/pages/docs/plugins/sources/azure/tables.md
diff --git a/website/tables/azure/azure_role_management_policy_assignments.md b/website/tables/azure/azure_role_management_policy_assignments.md
@@ -0,0 +1,19 @@
+# Table: azure_role_management_policy_assignments
+
+This table shows data for Azure Role Management Policy Assignments.
+
+https://learn.microsoft.com/en-us/rest/api/authorization/role-management-policy-assignments/list-for-scope?tabs=HTTP#rolemanagementpolicyassignment
+
+The primary key for this table is **id**.
+
+## Columns
+
+| Name          | Type          |
+| ------------- | ------------- |
+|_cq_id|`uuid`|
+|_cq_parent_id|`uuid`|
+|subscription_id|`utf8`|
+|properties|`json`|
+|id (PK)|`utf8`|
+|name|`utf8`|
+|type|`utf8`|
