Roles

ilsp/bicep_lsp/modules.py

@@ -20,6 +20,75 @@ logger = logging.getLogger(__name__)
 # Known Azure enum values not always captured in the catalog schema
 _KNOWN_ENUMS: dict[str, list[str]] = {
     "principalType": ["User", "Group", "ServicePrincipal", "Device", "ForeignGroup"],
+    "roles": [
+        # Key Vault roles
+        "KEY_VAULT_ADMINISTRATOR",
+        "KEY_VAULT_CERTIFICATES_OFFICER",
+        "KEY_VAULT_CRYPTO_OFFICER",
+        "KEY_VAULT_CRYPTO_SERVICE_ENCRYPTION_USER",
+        "KEY_VAULT_CRYPTO_USER",
+        "KEY_VAULT_READER",
+        "KEY_VAULT_SECRETS_OFFICER",
+        "KEY_VAULT_SECRETS_USER",
+        # Storage roles
+        "STORAGE_BLOB_DATA_CONTRIBUTOR",
+        "STORAGE_BLOB_DATA_OWNER",
+        "STORAGE_BLOB_DATA_READER",
+        "STORAGE_QUEUE_DATA_CONTRIBUTOR",
+        "STORAGE_QUEUE_DATA_READER",
+        "STORAGE_TABLE_DATA_CONTRIBUTOR",
+        "STORAGE_TABLE_DATA_READER",
+        # Common Azure roles
+        "CONTRIBUTOR",
+        "OWNER",
+        "READER",
+        "USER_ACCESS_ADMINISTRATOR",
+        # App/Function roles
+        "WEBSITE_CONTRIBUTOR",
+        # Monitoring roles
+        "MONITORING_CONTRIBUTOR",
+        "MONITORING_METRICS_PUBLISHER",
+        "MONITORING_READER",
+        "LOG_ANALYTICS_CONTRIBUTOR",
+        "LOG_ANALYTICS_READER",
+        # SQL roles
+        "SQL_DB_CONTRIBUTOR",
+        "SQL_MANAGED_INSTANCE_CONTRIBUTOR",
+        "SQL_SECURITY_MANAGER",
+        "SQL_SERVER_CONTRIBUTOR",
+    ],
+    "roleDefinitionIds": [
+        # Same list for roleDefinitionIds parameter
+        "KEY_VAULT_ADMINISTRATOR",
+        "KEY_VAULT_CERTIFICATES_OFFICER",
+        "KEY_VAULT_CRYPTO_OFFICER",
+        "KEY_VAULT_CRYPTO_SERVICE_ENCRYPTION_USER",
+        "KEY_VAULT_CRYPTO_USER",
+        "KEY_VAULT_READER",
+        "KEY_VAULT_SECRETS_OFFICER",
+        "KEY_VAULT_SECRETS_USER",
+        "STORAGE_BLOB_DATA_CONTRIBUTOR",
+        "STORAGE_BLOB_DATA_OWNER",
+        "STORAGE_BLOB_DATA_READER",
+        "STORAGE_QUEUE_DATA_CONTRIBUTOR",
+        "STORAGE_QUEUE_DATA_READER",
+        "STORAGE_TABLE_DATA_CONTRIBUTOR",
+        "STORAGE_TABLE_DATA_READER",
+        "CONTRIBUTOR",
+        "OWNER",
+        "READER",
+        "USER_ACCESS_ADMINISTRATOR",
+        "WEBSITE_CONTRIBUTOR",
+        "MONITORING_CONTRIBUTOR",
+        "MONITORING_METRICS_PUBLISHER",
+        "MONITORING_READER",
+        "LOG_ANALYTICS_CONTRIBUTOR",
+        "LOG_ANALYTICS_READER",
+        "SQL_DB_CONTRIBUTOR",
+        "SQL_MANAGED_INSTANCE_CONTRIBUTOR",
+        "SQL_SECURITY_MANAGER",
+        "SQL_SERVER_CONTRIBUTOR",
+    ],
 }
 
 # Catalog is baked into the image root at /bicep_modules_catalog.json
@@ -268,6 +337,56 @@ class BicepModuleCatalog:
         iac_params = cls._iac_param_map(module_name)
 
         items = []
+
+        # Build snippet for full params block (shown first)
+        snippet_params = []
+        tabstop = 1
+        for param_name, param_info in ver_params.items():
+            iac = iac_params.get(param_name, {})
+            required = iac.get("required", False)
+            ptype = param_info.get("type", "any")
+            allowed = param_info.get("allowed", [])
+
+            # Include required params + first few optional params in snippet
+            if required or len(snippet_params) < 5:
+                if allowed:
+                    # Enum: use placeholder with first allowed value
+                    placeholder = f"'{allowed[0]}'"
+                elif ptype == "bool":
+                    placeholder = "true"
+                elif ptype == "int":
+                    placeholder = "0"
+                elif ptype == "array":
+                    placeholder = "[]"
+                elif ptype == "object":
+                    placeholder = "{{}}"
+                else:
+                    placeholder = "''"
+                snippet_params.append(f"  {param_name}: ${{{tabstop}:{placeholder}}}")
+                tabstop += 1
+
+        if snippet_params:
+            snippet_text = "\n" + "\n".join(snippet_params) + "\n"
+            required_count = sum(1 for p, i in ver_params.items()
+                                if iac_params.get(p, {}).get("required", False))
+            items.append({
+                "label": "⚡ Fill params block",
+                "kind": 15,  # Snippet
+                "detail": f"{len(snippet_params)} params ({required_count} required)",
+                "insertText": snippet_text,
+                "insertTextFormat": 2,  # Snippet
+                "sortText": "0_lru_snippet_000",
+                "documentation": {
+                    "kind": "markdown",
+                    "value": (
+                        f"**Fill params block**\n\n"
+                        f"Inserts {len(snippet_params)} params for `{module_name}`.\n"
+                        f"Use Tab to navigate between fields."
+                    ),
+                },
+            })
+
+        # Individual param completions
         for param_name, param_info in ver_params.items():
             ptype = param_info.get("type", "any")
             allowed = param_info.get("allowed", [])