From bf6ffc4cba0d7c21084c9a2e7a418ecf4cca12a2 Mon Sep 17 00:00:00 2001
From: davidrobert
Date: Sun, 15 Dec 2024 11:22:15 +0200
Subject: [PATCH] Prevent duplicate azure custom role update
---
 src/shared/azureagent/customroles.go | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/src/shared/azureagent/customroles.go b/src/shared/azureagent/customroles.go
index cfceb9c8b..951959165 100644
--- a/src/shared/azureagent/customroles.go
+++ b/src/shared/azureagent/customroles.go
@@ -7,11 +7,13 @@ import (
 "github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
 "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2"
 "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi"
+ "github.com/google/go-cmp/cmp"
 "github.com/google/uuid"
 "github.com/otterize/intents-operator/src/operator/api/v2alpha1"
 "github.com/otterize/intents-operator/src/shared/agentutils"
 "github.com/otterize/intents-operator/src/shared/errors"
 "github.com/samber/lo"
+ "github.com/sirupsen/logrus"
 "strings"
 )
@@ -35,6 +37,7 @@ func (a *Agent) GenerateCustomRoleName(uai armmsi.Identity, scope string) string
 func (a *Agent) CreateCustomRole(ctx context.Context, scope string, uai armmsi.Identity, actions []v2alpha1.AzureAction, dataActions []v2alpha1.AzureDataAction) (*armauthorization.RoleDefinition, error) {
 roleScope := a.getSubscriptionScope(scope)
+ logrus.Debugf("Creating custom role for %s", *uai.Name)
 formattedActions := lo.Map(actions, func(action v2alpha1.AzureAction, _ int) *string {
 return to.Ptr(string(action))
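Review bot: The debug line added to CreateCustomRole dereferences `*uai.Name` with no nil check, so a nil `Name` would panic in what is meant to be a harmless log statement, before the role definition is even built. The UpdateCustomRole hunks do the same with `*role.Name`, twice. Whether either pointer can be nil depends on callers outside this diff, but the file already imports `lo`, so `logrus.Debugf("Creating custom role for %s", lo.FromPtr(uai.Name))` would log an empty string instead of crashing. CreateCustomRole's body continues past the end of the hunk.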
@@ -71,6 +74,7 @@ func (a *Agent) CreateCustomRole(ctx context.Context, scope string, uai armmsi.I
 func (a *Agent) UpdateCustomRole(ctx context.Context, scope string, role *armauthorization.RoleDefinition, actions []v2alpha1.AzureAction, dataActions []v2alpha1.AzureDataAction) error {
 roleScope := a.getSubscriptionScope(scope)
+ logrus.Debugf("Updating custom role %s", *role.Name)
 formattedActions := lo.Map(actions, func(action v2alpha1.AzureAction, _ int) *string {
 return to.Ptr(string(action))
@@ -79,6 +83,12 @@ func (a *Agent) UpdateCustomRole(ctx context.Context, scope string, role *armaut
 return to.Ptr(string(action))
 })
+ // Compare the actions and dataActions to the existing role definition
+ if cmp.Equal(role.Properties.Permissions[0].Actions, formattedActions) && cmp.Equal(role.Properties.Permissions[0].DataActions, formattedDataActions) {
+ logrus.Debugf("Role %s already has the correct permissions", *role.Name)
+ return nil
+ }
+
 role.Properties.Permissions = []*armauthorization.Permission{
 {
 Actions: formattedActions,
@@ -114,6 +124,7 @@ func (a *Agent) FindCustomRoleByName(ctx context.Context, scope string, name str
 func (a *Agent) DeleteCustomRole(ctx context.Context, scope string, roleDefinitionID string) error {
 roleScope := a.getSubscriptionScope(scope)
+ logrus.Debugf("Deleting custom role %s", roleDefinitionID)
 _, err := a.roleDefinitionsClient.Delete(ctx, roleScope, roleDefinitionID, nil)
 if err != nil {
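Review bot: The early return added to UpdateCustomRole decides the role is already correct after comparing only `Permissions[0].Actions` and `Permissions[0].DataActions`, so a definition that has drifted elsewhere, for example by gaining additional `Permissions` entries, is no longer reset by the assignment below and keeps the broader access. The same condition reads `role.Properties` and indexes `[0]` unguarded, which panics on a role with nil properties or an empty permission list. Prefixing the condition with `role.Properties != nil && len(role.Properties.Permissions) == 1 &&` covers both cases and lets anything unexpected fall through to the overwrite. `cmp.Equal` is also order-sensitive and treats a nil slice as different from an empty one, so a reordered or nil list returned by Azure still triggers the update; that fails safe but may defeat the de-duplication the commit aims for. The function starts and ends outside this hunk, so fields set further down in the `Permission` literal are not visible here.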