/terraform-azurerm-role-assignment

A module used to assign a role to something in Azure. It will also look up the role ID if you know the name, or use the ID to look up the name 👆


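resource "azurerm_role_assignment" "this" {
  # One assignment per list entry. The index is stringified so it can serve as a
  # stable for_each key; the same key is used to index the two role-definition
  # data sources below.
  for_each = { for idx, assignment in var.assignments : tostring(idx) => assignment }

  name         = lookup(each.value, "name", null)
  scope        = each.value.scope
  principal_id = each.value.principal_id

  # The caller supplies either a role definition ID or a role definition name.
  # Whichever one is present is resolved through the matching data source
  # (keyed by the same stringified index); the other argument stays null.
  role_definition_id   = lookup(each.value, "role_definition_id", null) != null ? data.azurerm_role_definition.by_id[each.key].id : null
  role_definition_name = lookup(each.value, "role_definition_name", null) != null ? data.azurerm_role_definition.by_name[each.key].name : null

  condition                              = lookup(each.value, "condition", null)
  condition_version                      = lookup(each.value, "condition_version", null)
  delegated_managed_identity_resource_id = lookup(each.value, "delegated_managed_identity_resource_id", null)
  description                            = lookup(each.value, "description", null)
  # Kept at false unless the caller opts out, so the provider still verifies the
  # principal before the role is granted.
  skip_service_principal_aad_check = lookup(each.value, "skip_service_principal_aad_check", false)

  lifecycle {
    # Exactly one of role_definition_id / role_definition_name must be given.
    # If neither is set both arguments above resolve to null and the role to
    # grant is undefined; if both are set the provider reports a conflict.
    # Checking here surfaces a clear, per-instance error at plan time instead.
    precondition {
      condition     = (lookup(each.value, "role_definition_id", null) != null) != (lookup(each.value, "role_definition_name", null) != null)
      error_message = "Each assignment must set exactly one of role_definition_id or role_definition_name."
    }
  }
}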


data "azurerm_role_definition" "by_name" {
  # Resolve only the assignments that were given a role name. Keys are the
  # stringified list indices so the resource can address them with each.key.
  for_each = {
    for k, v in var.assignments :
    tostring(k) => v
    if try(v.role_definition_name, null) != null
  }

  name  = each.value.role_definition_name
  scope = each.value.scope
}


data "azurerm_role_definition" "by_id" {
  # Resolve only the assignments that were given a role definition ID. Keys are
  # the stringified list indices so the resource can address them with each.key.
  for_each = {
    for k, v in var.assignments :
    tostring(k) => v
    if try(v.role_definition_id, null) != null
  }

  role_definition_id = each.value.role_definition_id
  scope              = each.value.scope
}

Requirements

No requirements.

Providers

Name Version
azurerm 3.74.0

Modules

No modules.

Resources

Name Type
azurerm_role_assignment.this resource
azurerm_role_definition.by_id data source
azurerm_role_definition.by_name data source

Inputs

Name Description Type Default Required
assignments List of role assignments
list(object({
name = optional(string)
scope = string
role_definition_id = optional(string)
role_definition_name = optional(string)
principal_id = string
condition = optional(string)
condition_version = optional(string)
delegated_managed_identity_resource_id = optional(string)
description = optional(string)
skip_service_principal_aad_check = optional(bool)
}))
[] no

Outputs

Name Description
role_assignments Map of created role assignments.