Add support to Roles

Author: RovinKYK

iamctl/cmd/cli/exportAll.go

@@ -25,6 +25,7 @@ import (
 	claims "github.com/wso2-extensions/identity-tools-cli/iamctl/pkg/claims"
 	identityproviders "github.com/wso2-extensions/identity-tools-cli/iamctl/pkg/identityProviders"
 	oidcScopes "github.com/wso2-extensions/identity-tools-cli/iamctl/pkg/oidcScopes"
+	roles "github.com/wso2-extensions/identity-tools-cli/iamctl/pkg/roles"
 	userstores "github.com/wso2-extensions/identity-tools-cli/iamctl/pkg/userStores"
 	"github.com/wso2-extensions/identity-tools-cli/iamctl/pkg/utils"
 )
@@ -49,6 +50,7 @@ var exportAllCmd = &cobra.Command{
 			utils.APPLICATIONS:       applications.ExportAll,
 			utils.USERSTORES:         userstores.ExportAll,
 			utils.OIDC_SCOPES:        oidcScopes.ExportAll,
+			utils.ROLES:              roles.ExportAll,
 		}
 
 		for _, resourceType := range utils.ResourceOrder {

iamctl/cmd/cli/importAll.go

@@ -25,6 +25,7 @@ import (
 	claims "github.com/wso2-extensions/identity-tools-cli/iamctl/pkg/claims"
 	identityproviders "github.com/wso2-extensions/identity-tools-cli/iamctl/pkg/identityProviders"
 	oidcScopes "github.com/wso2-extensions/identity-tools-cli/iamctl/pkg/oidcScopes"
+	roles "github.com/wso2-extensions/identity-tools-cli/iamctl/pkg/roles"
 	userstores "github.com/wso2-extensions/identity-tools-cli/iamctl/pkg/userStores"
 	"github.com/wso2-extensions/identity-tools-cli/iamctl/pkg/utils"
 )
@@ -48,6 +49,7 @@ var importAllCmd = &cobra.Command{
 			utils.APPLICATIONS:       applications.ImportAll,
 			utils.USERSTORES:         userstores.ImportAll,
 			utils.OIDC_SCOPES:        oidcScopes.ImportAll,
+			utils.ROLES:              roles.ImportAll,
 		}
 
 		for _, resourceType := range utils.ResourceOrder {

iamctl/pkg/roles/export.go

@@ -0,0 +1,101 @@
+/**
+* Copyright (c) 2026, WSO2 LLC. (https://www.wso2.com).
+*
+* WSO2 LLC. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+ */
+
+package roles
+
+import (
+	"fmt"
+	"log"
+	"os"
+	"path/filepath"
+
+	"github.com/wso2-extensions/identity-tools-cli/iamctl/pkg/utils"
+)
+
+func ExportAll(exportFilePath string, format string) {
+
+	log.Println("Exporting roles...")
+	exportFilePath = filepath.Join(exportFilePath, utils.ROLES.String())
+
+	if utils.IsResourceTypeExcluded(utils.ROLES) {
+		return
+	}
+	roles, err := getRoleList()
+	if err != nil {
+		log.Println("Error: when exporting roles.", err)
+		return
+	}
+
+	if _, err := os.Stat(exportFilePath); os.IsNotExist(err) {
+		os.MkdirAll(exportFilePath, 0700)
+	} else {
+		if utils.TOOL_CONFIGS.AllowDelete {
+			deployedRoleNames := getDeployedRoleLocalFileNames(roles)
+			utils.RemoveDeletedLocalResources(exportFilePath, deployedRoleNames)
+		}
+	}
+
+	for _, r := range roles {
+		if !utils.IsResourceExcluded(r.DisplayName, utils.TOOL_CONFIGS.RoleConfigs) {
+			log.Println("Exporting role:", r.DisplayName)
+
+			err := exportRole(r, exportFilePath, format)
+			if err != nil {
+				utils.UpdateFailureSummary(utils.ROLES, r.DisplayName)
+				log.Printf("Error while exporting role: %s. %s", r.DisplayName, err)
+			} else {
+				utils.UpdateSuccessSummary(utils.ROLES, utils.EXPORT)
+				log.Println("Role exported successfully:", r.DisplayName)
+			}
+		}
+	}
+
+}
+
+func exportRole(r role, outputDirPath string, formatString string) error {
+
+	roleData, err := utils.SendGetRequest(utils.ROLES, r.Id)
+	if err != nil {
+		return fmt.Errorf("error while getting role: %w", err)
+	}
+	roleData, err = utils.RemoveResponseFields(roleData, "id")
+	if err != nil {
+		return fmt.Errorf("error while processing response fields: %w", err)
+	}
+
+	format := utils.FormatFromString(formatString)
+	exportedFileName := utils.GetExportedFilePath(outputDirPath, escapeRoleName(r.DisplayName), format)
+
+	roleKeywordMapping := getRoleKeywordMapping(r.DisplayName)
+	modifiedRole, err := utils.ProcessExportedData(roleData, exportedFileName, format, roleKeywordMapping, utils.ROLES)
+	if err != nil {
+		return fmt.Errorf("error while processing exported content: %w", err)
+	}
+
+	modifiedFile, err := utils.Serialize(modifiedRole, format, utils.ROLES)
+	if err != nil {
+		return fmt.Errorf("error while serializing role: %w", err)
+	}
+
+	err = os.WriteFile(exportedFileName, modifiedFile, 0644)
+	if err != nil {
+		return fmt.Errorf("error when writing exported content to file: %w", err)
+	}
+
+	return nil
+}

iamctl/pkg/roles/import.go

@@ -0,0 +1,168 @@
+/**
+* Copyright (c) 2026, WSO2 LLC. (https://www.wso2.com).
+*
+* WSO2 LLC. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+ */
+
+package roles
+
+import (
+	"fmt"
+	"log"
+	"os"
+	"path/filepath"
+
+	"github.com/wso2-extensions/identity-tools-cli/iamctl/pkg/utils"
+)
+
+func ImportAll(inputDirPath string) {
+
+	log.Println("Importing roles...")
+	importFilePath := filepath.Join(inputDirPath, utils.ROLES.String())
+
+	if utils.IsResourceTypeExcluded(utils.ROLES) {
+		return
+	}
+	if _, err := os.Stat(importFilePath); os.IsNotExist(err) {
+		log.Println("No roles to import.")
+		return
+	}
+
+	existingRoleList, err := getRoleList()
+	if err != nil {
+		log.Println("Error retrieving the deployed role list:", err)
+		return
+	}
+
+	files, err := os.ReadDir(importFilePath)
+	if err != nil {
+		log.Println("Error importing roles:", err)
+		return
+	}
+
+	if utils.TOOL_CONFIGS.AllowDelete {
+		removeDeletedDeployedRoles(files, existingRoleList)
+	}
+
+	for _, file := range files {
+		roleFilePath := filepath.Join(importFilePath, file.Name())
+		fileInfo := utils.GetFileInfo(roleFilePath)
+		displayName := unescapeName(fileInfo.ResourceName)
+
+		if !utils.IsResourceExcluded(displayName, utils.TOOL_CONFIGS.RoleConfigs) {
+			roleExists := isRoleExists(displayName, existingRoleList)
+			err := importRole(displayName, roleExists, roleFilePath, existingRoleList)
+			if err != nil {
+				log.Println("Error importing role:", err)
+				utils.UpdateFailureSummary(utils.ROLES, displayName)
+			}
+		}
+	}
+}
+
+func importRole(displayName string, roleExists bool, importFilePath string, existingRoles []role) error {
+
+	format, err := utils.FormatFromExtension(filepath.Ext(importFilePath))
+	if err != nil {
+		return fmt.Errorf("unsupported file format for role: %w", err)
+	}
+
+	fileBytes, err := os.ReadFile(importFilePath)
+	if err != nil {
+		return fmt.Errorf("error when reading the file for role: %w", err)
+	}
+
+	roleKeywordMapping := getRoleKeywordMapping(displayName)
+	modifiedFileData := utils.ReplaceKeywords(string(fileBytes), roleKeywordMapping)
+
+	if !roleExists {
+		return createRole([]byte(modifiedFileData), format, displayName)
+	}
+
+	roleId := getRoleIdByDisplayName(displayName, existingRoles)
+	return updateRole(roleId, []byte(modifiedFileData), format, displayName)
+}
+
+func createRole(requestBody []byte, format utils.Format, displayName string) error {
+
+	log.Println("Creating new role:", displayName)
+
+	jsonBody, err := utils.PrepareJSONRequestBody(requestBody, format, utils.ROLES)
+	if err != nil {
+		return err
+	}
+
+	resp, err := utils.SendPostRequest(utils.ROLES, jsonBody)
+	if err != nil {
+		return fmt.Errorf("error when creating role: %w", err)
+	}
+	defer resp.Body.Close()
+
+	utils.UpdateSuccessSummary(utils.ROLES, utils.IMPORT)
+	log.Println("Role created successfully:", displayName)
+	return nil
+}
+
+func updateRole(roleId string, requestBody []byte, format utils.Format, displayName string) error {
+
+	log.Println("Updating role:", displayName)
+
+	patchBody, err := buildRolePermissionsPatchBody(requestBody, format)
+	if err != nil {
+		return fmt.Errorf("error building patch body for role: %w", err)
+	}
+
+	resp, err := utils.SendPatchRequest(utils.ROLES, roleId, patchBody)
+	if err != nil {
+		return fmt.Errorf("error when updating role: %w", err)
+	}
+	defer resp.Body.Close()
+
+	utils.UpdateSuccessSummary(utils.ROLES, utils.UPDATE)
+	log.Println("Role updated successfully:", displayName)
+	return nil
+}
+
+func removeDeletedDeployedRoles(localFiles []os.DirEntry, deployedRoles []role) {
+
+	if len(deployedRoles) == 0 {
+		return
+	}
+
+	localResourceNames := make(map[string]struct{})
+	for _, file := range localFiles {
+		resourceName := utils.GetFileInfo(file.Name()).ResourceName
+		localResourceNames[resourceName] = struct{}{}
+	}
+
+	for _, r := range deployedRoles {
+		fileName := escapeRoleName(r.DisplayName)
+		if _, existsLocally := localResourceNames[fileName]; existsLocally {
+			continue
+		}
+		if utils.IsResourceExcluded(r.DisplayName, utils.TOOL_CONFIGS.RoleConfigs) {
+			log.Println("Role is excluded from deletion:", r.DisplayName)
+			continue
+		}
+
+		log.Printf("Role: %s not found locally. Deleting role.\n", r.DisplayName)
+		if err := utils.SendDeleteRequest(r.Id, utils.ROLES); err != nil {
+			utils.UpdateFailureSummary(utils.ROLES, r.DisplayName)
+			log.Println("Error deleting role:", r.DisplayName, err)
+		} else {
+			utils.UpdateSuccessSummary(utils.ROLES, utils.DELETE)
+		}
+	}
+}