Fixed projection of principalType #3163 (#3164)

Azure · Nov 2, 2024 · e49f675 · e49f675
1 parent ef2b154
commit e49f675
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 0 deletions.
diff --git a/docs/CHANGELOG-v1.md b/docs/CHANGELOG-v1.md
@@ -29,6 +29,10 @@ See [upgrade notes][1] for helpful information when upgrading from previous vers
 
 ## Unreleased
 
+- Bug fixes:
+  - Fixed projection of default role authorization property `principalType` by @BernieWhite.
+    [#3163](https://github.com/Azure/PSRule.Rules.Azure/issues/3163)
+
 ## v1.40.0-B0063 (pre-release)
 
 What's changed since pre-release v1.40.0-B0029:

diff --git a/src/PSRule.Rules.Azure/Data/Template/RuleDataExportVisitor.cs b/src/PSRule.Rules.Azure/Data/Template/RuleDataExportVisitor.cs
@@ -3,6 +3,7 @@
 
 using System;
 using System.Collections.Generic;
+using System.Management.Automation.Language;
 using Newtonsoft.Json.Linq;
 
 namespace PSRule.Rules.Azure.Data.Template;
@@ -22,6 +23,7 @@ internal sealed class RuleDataExportVisitor : TemplateVisitor
     private const string PROPERTY_PROPERTIES = "properties";
     private const string PROPERTY_CLIENT_ID = "clientId";
     private const string PROPERTY_PRINCIPAL_ID = "principalId";
+    private const string PROPERTY_PRINCIPAL_TYPE = "principalType";
     private const string PROPERTY_TENANT_ID = "tenantId";
     private const string PROPERTY_ADMINISTRATORS = "administrators";
     private const string PROPERTY_IDENTITY = "identity";
@@ -39,6 +41,7 @@ internal sealed class RuleDataExportVisitor : TemplateVisitor
 
     private const string PLACEHOLDER_GUID = "ffffffff-ffff-ffff-ffff-ffffffffffff";
     private const string IDENTITY_SYSTEMASSIGNED = "SystemAssigned";
+    private const string DEFAULT_USER = "User";
 
     private const string TYPE_USERASSIGNEDIDENTITY = "Microsoft.ManagedIdentity/userAssignedIdentities";
     private const string TYPE_SQLSERVER = "Microsoft.Sql/servers";
@@ -54,6 +57,7 @@ internal sealed class RuleDataExportVisitor : TemplateVisitor
     private const string TYPE_CONTAINERREGISTRY = "Microsoft.ContainerRegistry/registries";
     private const string TYPE_KEYVAULT = "Microsoft.KeyVault/vaults";
     private const string TYPE_STORAGE_OBJECTREPLICATIONPOLICIES = "Microsoft.Storage/storageAccounts/objectReplicationPolicies";
+    private const string TYPE_AUTHORIZATION_ROLE_ASSIGNMENTS = "Microsoft.Authorization/roleAssignments";
 
     private static readonly JsonMergeSettings _MergeSettings = new()
     {
@@ -133,6 +137,7 @@ private static void ProjectRuntimeProperties(TemplateContext context, IResourceV
             ProjectSubscriptionAlias(context, resource) ||
             ProjectStorageObjectReplicationPolicies(context, resource) ||
             ProjectKeyVault(context, resource) ||
+            ProjectRoleAssignments(context, resource) ||
             ProjectResource(context, resource);
     }
 
@@ -152,6 +157,22 @@ private static bool ProjectResource(TemplateContext context, IResourceValue reso
         return true;
     }
 
+    private static bool ProjectRoleAssignments(TemplateContext context, IResourceValue resource)
+    {
+        if (!resource.IsType(TYPE_AUTHORIZATION_ROLE_ASSIGNMENTS))
+            return false;
+
+        resource.Value.UseProperty(PROPERTY_PROPERTIES, out JObject properties);
+
+        // Add properties.principalType
+        if (!properties.ContainsKeyInsensitive(PROPERTY_PRINCIPAL_TYPE))
+        {
+            properties[PROPERTY_PRINCIPAL_TYPE] = DEFAULT_USER;
+        }
+
+        return true;
+    }
+
     private static bool ProjectManagedIdentity(TemplateContext context, IResourceValue resource)
     {
         if (!resource.IsType(TYPE_USERASSIGNEDIDENTITY))