fix: app scoped role assgnmt not properly linking to AZApp

Author: mistahj67

cmd/list-role-assignments.go

@@ -99,12 +99,17 @@ func listRoleAssignments(ctx context.Context, client client.AzureClient, roles <
 					count  = 0
 					filter = fmt.Sprintf("roleDefinitionId eq '%s'", id)
 				)
-				for item := range client.ListAzureADRoleAssignments(ctx, filter, "", "", "", nil) {
+				// We expand directoryScope in order to obtain the appId from app specific scoped role assignments
+				for item := range client.ListAzureADRoleAssignments(ctx, filter, "", "", "directoryScope", nil) {
 					if item.Error != nil {
 						log.Error(item.Error, "unable to continue processing role assignments for this role", "roleDefinitionId", id)
 					} else {
 						log.V(2).Info("found role assignment", "roleAssignments", item)
 						count++
+						// To ensure proper linking to AZApp nodes we want to supply the AppId instead when role assignments are app specific scoped
+						if item.Ok.DirectoryScopeId != "/" {
+							item.Ok.DirectoryScopeId = fmt.Sprintf("/%s", item.Ok.DirectoryScope.AppId)
+						}
 						roleAssignments.RoleAssignments = append(roleAssignments.RoleAssignments, item.Ok)
 					}
 				}

models/azure/unified_role_assignment.go

@@ -67,7 +67,7 @@ type UnifiedRoleAssignment struct {
 	// The directory object that is the scope of the assignment.
 	// Read-only.
 	// Supports $expand.
-	DirectoryScope json.RawMessage
+	DirectoryScope Application `json:"directoryScope,omitempty"`
 
 	// Read-only property with details of the app specific scope when the assignment scope is app specific.
 	// Containment entity.