Fixing based on PR feedback
peterbud committed May 11, 2024
1 parent 93afd09 commit d4178dd
Showing 4 changed files with 25 additions and 30 deletions.
25 changes: 9 additions & 16 deletions avm/ptn/authorization/resource-role-assignment/README.md
Expand Up @@ -41,7 +41,6 @@ module resourceRoleAssignment 'br/public:avm/ptn/authorization/resource-role-ass
name: 'resourceRoleAssignmentDeployment'
params: {
// Required parameters
name: '<name>'
principalId: '<principalId>'
resourceId: '<resourceId>'
roleDefinitionId: '2a2b9908-6ea1-4ae2-8e65-a410df84e7d1'
Expand All @@ -66,9 +65,6 @@ module resourceRoleAssignment 'br/public:avm/ptn/authorization/resource-role-ass
"contentVersion": "1.0.0.0",
"parameters": {
// Required parameters
"name": {
"value": "<name>"
},
"principalId": {
"value": "<principalId>"
},
Expand Down Expand Up @@ -109,7 +105,6 @@ module resourceRoleAssignment 'br/public:avm/ptn/authorization/resource-role-ass
name: 'resourceRoleAssignmentDeployment'
params: {
// Required parameters
name: '<name>'
principalId: '<principalId>'
resourceId: '<resourceId>'
roleDefinitionId: '2a2b9908-6ea1-4ae2-8e65-a410df84e7d1'
Expand All @@ -132,9 +127,6 @@ module resourceRoleAssignment 'br/public:avm/ptn/authorization/resource-role-ass
"contentVersion": "1.0.0.0",
"parameters": {
// Required parameters
"name": {
"value": "<name>"
},
"principalId": {
"value": "<principalId>"
},
Expand Down Expand Up @@ -162,7 +154,6 @@ module resourceRoleAssignment 'br/public:avm/ptn/authorization/resource-role-ass

| Parameter | Type | Description |
| :-- | :-- | :-- |
| [`name`](#parameter-name) | string | The unique guid name for the role assignment. |
| [`principalId`](#parameter-principalid) | string | The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). |
| [`resourceId`](#parameter-resourceid) | string | The scope for the role assignment, fully qualified resourceId. |
| [`roleDefinitionId`](#parameter-roledefinitionid) | string | The role definition ID for the role assignment. |
Expand All @@ -173,16 +164,10 @@ module resourceRoleAssignment 'br/public:avm/ptn/authorization/resource-role-ass
| :-- | :-- | :-- |
| [`description`](#parameter-description) | string | The description of role assignment. |
| [`enableTelemetry`](#parameter-enabletelemetry) | bool | Enable/Disable usage telemetry for module. |
| [`name`](#parameter-name) | string | The unique guid name for the role assignment. |
| [`principalType`](#parameter-principaltype) | string | The principal type of the assigned principal ID. |
| [`roleName`](#parameter-rolename) | string | The name for the role, used for logging. |

### Parameter: `name`

The unique guid name for the role assignment.

- Required: Yes
- Type: string

### Parameter: `principalId`

The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity).
Expand Down Expand Up @@ -220,6 +205,14 @@ Enable/Disable usage telemetry for module.
- Type: bool
- Default: `True`

### Parameter: `name`

The unique guid name for the role assignment.

- Required: No
- Type: string
- Default: `''`

### Parameter: `principalType`

The principal type of the assigned principal ID.
22 changes: 16 additions & 6 deletions avm/ptn/authorization/resource-role-assignment/main.bicep
Expand Up @@ -5,8 +5,8 @@ metadata owner = 'Azure/module-maintainers'
@sys.description('Required. The scope for the role assignment, fully qualified resourceId.')
param resourceId string

@sys.description('Required. The unique guid name for the role assignment.')
param name string
@sys.description('Optional. The unique guid name for the role assignment.')
param name string = ''

@sys.description('Required. The role definition ID for the role assignment.')
param roleDefinitionId string
Expand Down Expand Up @@ -63,7 +63,7 @@ resource avmTelemetry 'Microsoft.Resources/deployments@2023-07-01' = if (enableT
var tFile = loadFileAsBase64('modules/generic-role-assignment.json')

resource resourceRoleAssignment 'Microsoft.Resources/deployments@2023-07-01' = {
name: '${guid(resourceId, roleDefinitionId)}-ResourceRoleAssignment'
name: '${guid(resourceId, principalId, roleDefinitionId)}-ResourceRoleAssignment'
properties: {
mode: 'Incremental'
expressionEvaluationOptions: {
Expand All @@ -75,10 +75,20 @@ resource resourceRoleAssignment 'Microsoft.Resources/deployments@2023-07-01' = {
value: resourceId
}
name: {
value: name
value: !empty(name)
? name
: guid(
resourceId,
principalId,
contains(roleDefinitionId, '/providers/Microsoft.Authorization/roleDefinitions/')
? roleDefinitionId
: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleDefinitionId)
)
}
roleDefinitionId: {
value: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleDefinitionId)
value: contains(roleDefinitionId, '/providers/Microsoft.Authorization/roleDefinitions/')
? roleDefinitionId
: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleDefinitionId)
}
principalId: {
value: principalId
Expand All @@ -94,7 +104,7 @@ resource resourceRoleAssignment 'Microsoft.Resources/deployments@2023-07-01' = {
}

@sys.description('The GUID of the Role Assignment.')
output name string = name
output name string = name!

@sys.description('The name for the role, used for logging.')
output roleName string = roleName
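Review bot: The `name` output at the end of this section is still bound to the raw parameter (`output name string = name!`), so when a caller omits `name` the module returns an empty string rather than the GUID that the nested deployment generates, and the output description no longer holds. Anything downstream that uses this output to audit or remove the role assignment then has no identifier to work with; the `!` assertion does not change that, since the parameter is a plain `string` defaulting to `''`. I would resolve the role definition ID and the effective assignment name once in variables and use them for the `name` and `roleDefinitionId` deployment parameters and for the output, which also removes the duplicated `contains(...)` ternary so the generated name can never be derived from a different role ID than the one assigned. The rendered page has lost its +/- markers, so this assumes the `name!` line is the new side; the resource body continues outside the visible hunks.

```bicep
var resolvedRoleDefinitionId = contains(roleDefinitionId, '/providers/Microsoft.Authorization/roleDefinitions/')
  ? roleDefinitionId
  : subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleDefinitionId)
var roleAssignmentName = !empty(name) ? name : guid(resourceId, principalId, resolvedRoleDefinitionId)

// … unchanged: resourceRoleAssignment deployment header, mode, scope parameter …
      name: {
        value: roleAssignmentName
      }
      roleDefinitionId: {
        value: resolvedRoleDefinitionId
      }
// … unchanged: principalId and remaining template parameters …

@sys.description('The GUID of the Role Assignment.')
output name string = roleAssignmentName
```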
Expand Up @@ -50,10 +50,6 @@ module testDeployment '../../../main.bicep' = [
name: '${guid(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}'
scope: resourceGroup
params: {
name: guid(
nestedDependencies.outputs.managedIdentityPrincipalId,
nestedDependencies.outputs.storageAccountResourceId
)
resourceId: nestedDependencies.outputs.storageAccountResourceId
principalId: nestedDependencies.outputs.managedIdentityPrincipalId
principalType: 'ServicePrincipal'
Expand Up @@ -50,10 +50,6 @@ module testDeployment '../../../main.bicep' = [
name: '${guid(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}'
scope: resourceGroup
params: {
name: guid(
nestedDependencies.outputs.managedIdentityPrincipalId,
nestedDependencies.outputs.storageAccountResourceId
)
resourceId: nestedDependencies.outputs.storageAccountResourceId
principalId: nestedDependencies.outputs.managedIdentityPrincipalId
principalType: 'ServicePrincipal'