#!/usr/bin/env bash
# nerf-az-role-definition-list -- List role definitions (optionally filtered by name or scope).
# Generated from az-role manifest. Do not edit directly.
# nerf:threat:read=remote
# nerf:threat:write=none

if [[ "${BASH_VERSINFO[0]:-0}" -lt 4 ]]; then
  echo "error: nerf-az-role-definition-list requires bash 4+. Found bash ${BASH_VERSION:-unknown}" >&2
  echo "  hint: on macOS, install a newer bash via 'brew install bash'" >&2
  exit 1
fi

set -euo pipefail

_NERF_DRY_RUN=""

usage() {
  cat >&2 <<'EOF'
Usage: nerf-az-role-definition-list [--custom-role-only] [--name|-n <name>] [--scope <scope>] [--subscription <subscription>]

Switches:
  --custom-role-only
      Show only custom (non-built-in) roles

Options:
  --name, -n <name>
      Role name (e.g. "Network Contributor")
  --scope <scope>
      Scope to filter by (full Azure resource ID)
  --subscription <subscription>
      Subscription name or ID (defaults to active)

Maps to: az role definition list <name> <scope> <custom_role_only> <subscription> --output json

List role definitions (optionally filtered by name or scope).
EOF
  exit 1
}

CUSTOM_ROLE_ONLY=""
NAME=""
_NAME_SET=""
SCOPE=""
_SCOPE_SET=""
SUBSCRIPTION=""
_SUBSCRIPTION_SET=""

while [[ $# -gt 0 ]]; do
  case "$1" in
    --custom-role-only) if [[ -n "${CUSTOM_ROLE_ONLY}" ]]; then echo "error: --custom-role-only can only be specified once" >&2; exit 1; fi; CUSTOM_ROLE_ONLY="true"; shift 1 ;;
    --name|-n) if [[ -n "${_NAME_SET}" ]]; then echo "error: --name can only be specified once" >&2; exit 1; fi; NAME="$2"; _NAME_SET=true; shift 2 ;;
    --scope) if [[ -n "${_SCOPE_SET}" ]]; then echo "error: --scope can only be specified once" >&2; exit 1; fi; SCOPE="$2"; _SCOPE_SET=true; shift 2 ;;
    --subscription) if [[ -n "${_SUBSCRIPTION_SET}" ]]; then echo "error: --subscription can only be specified once" >&2; exit 1; fi; SUBSCRIPTION="$2"; _SUBSCRIPTION_SET=true; shift 2 ;;
    --nerf-dry-run) _NERF_DRY_RUN="true"; shift 1 ;;
    -h|--help) usage ;;
    --) shift; break ;;
    *) echo "error: unknown argument: $1" >&2; usage ;;
  esac
done

if [[ "$_NERF_DRY_RUN" == "true" ]]; then
  _NERF_DRY_CMD=(az role definition list ${_NAME_SET:+"--name"} ${_NAME_SET:+"$NAME"} ${_SCOPE_SET:+"--scope"} ${_SCOPE_SET:+"$SCOPE"} ${CUSTOM_ROLE_ONLY:+"--custom-role-only"} ${_SUBSCRIPTION_SET:+"--subscription"} ${_SUBSCRIPTION_SET:+"$SUBSCRIPTION"} --output json)
  printf 'dry-run:'
  for _a in "${_NERF_DRY_CMD[@]}"; do printf " %q" "$_a"; done
  echo
  exit 0
fi

exec az role definition list ${_NAME_SET:+"--name"} ${_NAME_SET:+"$NAME"} ${_SCOPE_SET:+"--scope"} ${_SCOPE_SET:+"$SCOPE"} ${CUSTOM_ROLE_ONLY:+"--custom-role-only"} ${_SUBSCRIPTION_SET:+"--subscription"} ${_SUBSCRIPTION_SET:+"$SUBSCRIPTION"} --output json
