search roles

descope/api/client.go

@@ -155,6 +155,7 @@ var (
 			roleUpdate:                       "mgmt/role/update",
 			roleDelete:                       "mgmt/role/delete",
 			roleLoadAll:                      "mgmt/role/all",
+			roleSearch:                       "mgmt/role/search",
 			groupLoadAllGroups:               "mgmt/group/all",
 			groupLoadAllGroupsForMember:      "mgmt/group/member/all",
 			groupLoadAllGroupMembers:         "mgmt/group/members",
@@ -345,6 +346,7 @@ type mgmtEndpoints struct {
 	roleUpdate  string
 	roleDelete  string
 	roleLoadAll string
+	roleSearch  string
 
 	groupLoadAllGroups          string
 	groupLoadAllGroupsForMember string
@@ -885,6 +887,10 @@ func (e *endpoints) ManagementRoleLoadAll() string {
 	return path.Join(e.version, e.mgmt.roleLoadAll)
 }
 
+func (e *endpoints) ManagementRoleSearch() string {
+	return path.Join(e.version, e.mgmt.roleSearch)
+}
+
 func (e *endpoints) ManagementGroupLoadAllGroups() string {
 	return path.Join(e.version, e.mgmt.groupLoadAllGroups)
 }

descope/internal/mgmt/role.go

@@ -64,6 +64,14 @@ func (r *role) LoadAll(ctx context.Context) ([]*descope.Role, error) {
 	return unmarshalRolesLoadAllResponse(res)
 }
 
+func (r *role) Search(ctx context.Context, options *descope.RoleSearchOptions) ([]*descope.Role, error) {
+	res, err := r.client.DoPostRequest(ctx, api.Routes.ManagementRoleSearch(), options, nil, r.conf.ManagementKey)
+	if err != nil {
+		return nil, err
+	}
+	return unmarshalRolesLoadAllResponse(res)
+}
+
 func unmarshalRolesLoadAllResponse(res *api.HTTPResponse) ([]*descope.Role, error) {
 	pres := struct {
 		Roles []*descope.Role

descope/internal/mgmt/role_test.go

@@ -5,6 +5,7 @@ import (
 	"net/http"
 	"testing"
 
+	"github.com/descope/go-sdk/descope"
 	"github.com/descope/go-sdk/descope/tests/helpers"
 	"github.com/stretchr/testify/require"
 )
@@ -95,3 +96,36 @@ func TestRoleLoadError(t *testing.T) {
 	require.Error(t, err)
 	require.Nil(t, res)
 }
+
+func TestRoleSearchSuccess(t *testing.T) {
+	response := map[string]any{
+		"roles": []map[string]any{{
+			"name": "abc",
+		}}}
+	mgmt := newTestMgmt(nil, helpers.DoOkWithBody(func(r *http.Request) {
+		require.Equal(t, r.Header.Get("Authorization"), "Bearer a:key")
+		req := map[string]any{}
+		require.NoError(t, helpers.ReadBody(r, &req))
+		require.ElementsMatch(t, []string{"t1"}, req["tenantIds"])
+		require.ElementsMatch(t, []string{"r1"}, req["roleNames"])
+		require.Equal(t, "abc", req["roleNameLike"])
+		require.ElementsMatch(t, []string{"p1"}, req["permissionNames"])
+	}, response))
+	res, err := mgmt.Role().Search(context.Background(), &descope.RoleSearchOptions{
+		TenantIDs:       []string{"t1"},
+		RoleNames:       []string{"r1"},
+		RoleNameLike:    "abc",
+		PermissionNames: []string{"p1"},
+	})
+	require.NoError(t, err)
+	require.NotNil(t, res)
+	require.Len(t, res, 1)
+	require.Equal(t, "abc", res[0].Name)
+}
+
+func TestRoleSearchError(t *testing.T) {
+	mgmt := newTestMgmt(nil, helpers.DoBadRequest(nil))
+	res, err := mgmt.Role().Search(context.Background(), &descope.RoleSearchOptions{})
+	require.Error(t, err)
+	require.Nil(t, res)
+}

descope/sdk/mgmt.go

@@ -585,6 +585,8 @@ type Role interface {
 
 	// Load all roles.
 	LoadAll(ctx context.Context) ([]*descope.Role, error)
+
+	Search(ctx context.Context, options *descope.RoleSearchOptions) ([]*descope.Role, error)
 }
 
 // Provides functions for querying SSO groups in a project's tenant.

descope/types.go

@@ -666,6 +666,13 @@ func (r *Role) GetCreatedTime() time.Time {
 	return time.Unix(int64(r.CreatedTime), 0)
 }
 
+type RoleSearchOptions struct {
+	TenantIDs       []string `json:"tenantIds,omitempty"`
+	RoleNames       []string `json:"roleNames,omitempty"`
+	RoleNameLike    string   `json:"roleNameLike,omitempty"`
+	PermissionNames []string `json:"permissionNames,omitempty"`
+}
+
 // Options for searching and filtering users
 //
 // Limit - limits the number of returned users. Leave at 0 to return the default amount.