Why does `(*armauthorization.RoleDefinitionsClient).Get` return a slice of pointers to `Permission` struct instead of a single struct?

[mattwelke]

Bug Report

The method used to call the Role Definitions - Get endpoint seems to return data in a more complex way than is needed. And it makes me feel nervous about making software that relies on the returned data.

I decided to post on Stack Overflow because I felt this issue may relate to the Azure API as a whole, not just the Go SDK, and usually I like to get answers to questions as public as possible so that as many people as possible benefit when they're answered.

For details, see https://stackoverflow.com/questions/77534305/why-does-azures-role-definitions-api-return-more-than-permission-struct-for-a-r. If you'd rather I copy the details into this issue, just let me know!

• import path of package in question, e.g. .../services/compute/mgmt/2018-06-01/compute: github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2
• SDK version e.g. master, latest, 18.1.0: v2.1.1
  • Specify the exact commit if possible: https://github.com/Azure/azure-sdk-for-go/commit/366c851a371f0c9bb8f0074215f0417bdefba783
• output of go version: go version go1.21.3 linux/amd64

• What happened? The API call succeeded and returned the data I wanted in a single item in a slice. If I added more data (e.g. adding more actions to a custom role), the new data was reflected in the first item in the slice. The slice never had more than one item.
• What did you expect or want to happen? Because the API appears to be able to return all of the data people will ever need in one item, not multiple items (or at least this is my understanding of the API so far), I expected the data returned from the SDK call to be a single item, not a slice of items where the length of the slice was always 1.
• How can we reproduce it? Run the test program in the Stack Overflow question. Substitute your own subscription ID in the program.
• Anything we should know about your environment. n/a

[raych1]

@mattwelke , the schema defined in swagger for the permissions field is an array. However, I validated a few roles that ends up having only one element in the array of permissions. This is an example:

"properties": {
    "roleName": "Storage Table Data Contributor",
    "type": "BuiltInRole",
    "description": "Allows for read, write and delete access to Azure Storage tables and entities",
    "assignableScopes": [
      "/"
    ],
    "permissions": [
      {
        "actions": [
          "Microsoft.Storage/storageAccounts/tableServices/tables/read",
          "Microsoft.Storage/storageAccounts/tableServices/tables/write",
          "Microsoft.Storage/storageAccounts/tableServices/tables/delete"
        ],
        "notActions": [],
        "dataActions": [
          "Microsoft.Storage/storageAccounts/tableServices/tables/entities/read",
          "Microsoft.Storage/storageAccounts/tableServices/tables/entities/write",
          "Microsoft.Storage/storageAccounts/tableServices/tables/entities/delete",
          "Microsoft.Storage/storageAccounts/tableServices/tables/entities/add/action",
          "Microsoft.Storage/storageAccounts/tableServices/tables/entities/update/action"
        ],
        "notDataActions": []
      }
    ],
    "createdOn": "2021-06-15T06:51:59.8207610Z",
    "updatedOn": "2021-11-11T20:15:12.2854966Z",
    "createdBy": null,

I'm not sure what is the real implementation in API side, and I would like to loop in the service team to confirm.

[github-actions[bot]]

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @AshishGargMicrosoft @darshanhs90.

[github-actions[bot]]

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @AshishGargMicrosoft @darshanhs90.

[mattwelke]

Thanks @raych1. Looking forward to an update from them.

However, I validated a few roles that ends up having only one element in the array of permissions. This is an example

Can you confirm whether this means you were able to find one or more roles that have more than one element in the array of permissions? If so, can you show me an example?

[raych1]

Thanks @raych1. Looking forward to an update from them.

However, I validated a few roles that ends up having only one element in the array of permissions. This is an example

Can you confirm whether this means you were able to find one or more roles that have more than one element in the array of permissions? If so, can you show me an example?

@mattwelke, for all the roles I verified, I saw the response only contains one element in the permissions array.