diff --git a/avm/ptn/authorization/resource-role-assignment/README.md b/avm/ptn/authorization/resource-role-assignment/README.md index ceb160b7686..ec9ac5c1e16 100644 --- a/avm/ptn/authorization/resource-role-assignment/README.md +++ b/avm/ptn/authorization/resource-role-assignment/README.md @@ -41,7 +41,6 @@ module resourceRoleAssignment 'br/public:avm/ptn/authorization/resource-role-ass name: 'resourceRoleAssignmentDeployment' params: { // Required parameters - name: '' principalId: '' resourceId: '' roleDefinitionId: '2a2b9908-6ea1-4ae2-8e65-a410df84e7d1' @@ -66,9 +65,6 @@ module resourceRoleAssignment 'br/public:avm/ptn/authorization/resource-role-ass "contentVersion": "1.0.0.0", "parameters": { // Required parameters - "name": { - "value": "" - }, "principalId": { "value": "" }, @@ -109,7 +105,6 @@ module resourceRoleAssignment 'br/public:avm/ptn/authorization/resource-role-ass name: 'resourceRoleAssignmentDeployment' params: { // Required parameters - name: '' principalId: '' resourceId: '' roleDefinitionId: '2a2b9908-6ea1-4ae2-8e65-a410df84e7d1' @@ -132,9 +127,6 @@ module resourceRoleAssignment 'br/public:avm/ptn/authorization/resource-role-ass "contentVersion": "1.0.0.0", "parameters": { // Required parameters - "name": { - "value": "" - }, "principalId": { "value": "" }, @@ -162,7 +154,6 @@ module resourceRoleAssignment 'br/public:avm/ptn/authorization/resource-role-ass | Parameter | Type | Description | | :-- | :-- | :-- | -| [`name`](#parameter-name) | string | The unique guid name for the role assignment. | | [`principalId`](#parameter-principalid) | string | The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). | | [`resourceId`](#parameter-resourceid) | string | The scope for the role assignment, fully qualified resourceId. | | [`roleDefinitionId`](#parameter-roledefinitionid) | string | The role definition ID for the role assignment. | 
@@ -173,16 +164,10 @@ module resourceRoleAssignment 'br/public:avm/ptn/authorization/resource-role-ass | :-- | :-- | :-- | | [`description`](#parameter-description) | string | The description of role assignment. | | [`enableTelemetry`](#parameter-enabletelemetry) | bool | Enable/Disable usage telemetry for module. | +| [`name`](#parameter-name) | string | The unique guid name for the role assignment. | | [`principalType`](#parameter-principaltype) | string | The principal type of the assigned principal ID. | | [`roleName`](#parameter-rolename) | string | The name for the role, used for logging. | -### Parameter: `name` - -The unique guid name for the role assignment. - -- Required: Yes -- Type: string - ### Parameter: `principalId` The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). @@ -220,6 +205,14 @@ Enable/Disable usage telemetry for module. - Type: bool - Default: `True` +### Parameter: `name` + +The unique guid name for the role assignment. + +- Required: No +- Type: string +- Default: `''` + ### Parameter: `principalType` The principal type of the assigned principal ID. diff --git a/avm/ptn/authorization/resource-role-assignment/main.bicep b/avm/ptn/authorization/resource-role-assignment/main.bicep index 22d56ce5774..acd3cb75fc4 100644 --- a/avm/ptn/authorization/resource-role-assignment/main.bicep +++ b/avm/ptn/authorization/resource-role-assignment/main.bicep @@ -5,8 +5,8 @@ metadata owner = 'Azure/module-maintainers' @sys.description('Required. The scope for the role assignment, fully qualified resourceId.') param resourceId string -@sys.description('Required. The unique guid name for the role assignment.') -param name string +@sys.description('Optional. The unique guid name for the role assignment.') +param name string = '' @sys.description('Required. The role definition ID for the role assignment.') param roleDefinitionId string 
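Review bot: The `@sys.description` on `name` in the `@@ -5,8 +5,8 @@` hunk of main.bicep does not say what happens when the parameter is left at its new default of `''`. Later in this commit the deployment substitutes `guid(resourceId, principalId, <role definition ID>)` in that case, so the assignment name becomes deterministic, which matters to anyone auditing or re-deploying role assignments. I would extend the text to `@sys.description('Optional. The unique guid name for the role assignment. If not provided, a GUID is derived from the resourceId, principalId and roleDefinitionId.')`. The README parameter table appears to mirror this description, so it would need the same wording.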
@@ -63,7 +63,7 @@ resource avmTelemetry 'Microsoft.Resources/deployments@2023-07-01' = if (enableT var tFile = loadFileAsBase64('modules/generic-role-assignment.json') resource resourceRoleAssignment 'Microsoft.Resources/deployments@2023-07-01' = { - name: '${guid(resourceId, roleDefinitionId)}-ResourceRoleAssignment' + name: '${guid(resourceId, principalId, roleDefinitionId)}-ResourceRoleAssignment' properties: { mode: 'Incremental' expressionEvaluationOptions: { @@ -75,10 +75,20 @@ resource resourceRoleAssignment 'Microsoft.Resources/deployments@2023-07-01' = { value: resourceId } name: { - value: name + value: !empty(name) + ? name + : guid( + resourceId, + principalId, + contains(roleDefinitionId, '/providers/Microsoft.Authorization/roleDefinitions/') + ? roleDefinitionId + : subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleDefinitionId) + ) } roleDefinitionId: { - value: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleDefinitionId) + value: contains(roleDefinitionId, '/providers/Microsoft.Authorization/roleDefinitions/') + ? roleDefinitionId + : subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleDefinitionId) } principalId: { value: principalId @@ -94,7 +104,7 @@ resource resourceRoleAssignment 'Microsoft.Resources/deployments@2023-07-01' = { } @sys.description('The GUID of the Role Assignment.') -output name string = name +output name string = name! @sys.description('The name for the role, used for logging.') output roleName string = roleName diff --git a/avm/ptn/authorization/resource-role-assignment/tests/e2e/all/main.test.bicep b/avm/ptn/authorization/resource-role-assignment/tests/e2e/all/main.test.bicep index 79c09f8eaa0..2bc06f024de 100644 --- a/avm/ptn/authorization/resource-role-assignment/tests/e2e/all/main.test.bicep +++ b/avm/ptn/authorization/resource-role-assignment/tests/e2e/all/main.test.bicep 
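Review bot: The `contains(roleDefinitionId, '/providers/Microsoft.Authorization/roleDefinitions/')` test in the `@@ -75,10 +75,20 @@` hunk is case-sensitive, while Azure resource IDs are not. A fully qualified ID supplied in different casing would fall through to `subscriptionResourceId(...)` and be wrapped a second time, which would most likely fail the deployment rather than assign the intended role. Comparing against a lowered copy avoids this: `contains(toLower(roleDefinitionId), '/providers/microsoft.authorization/roledefinitions/')`. The expression appears twice in this hunk, under `name` and under `roleDefinitionId`, so both need the change. The resource body continues outside the hunk.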
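Review bot: `output name string = name!` in the `@@ -94,7 +104,7 @@` hunk returns the raw parameter, so when `name` is omitted the output is `''` and not the GUID the deployment actually used for the role assignment. Anything that records the assignment, or later removes it, from this output would get an empty value. The `!` operator does not change that, since `name` is a non-nullable string. Resolving the name once in a variable and using it in both the deployment parameters and the output keeps the two in step, as sketched below.

```bicep
// Resolve once so the generated name and the role definition ID passed on always agree.
var resolvedRoleDefinitionId = contains(roleDefinitionId, '/providers/Microsoft.Authorization/roleDefinitions/')
  ? roleDefinitionId
  : subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleDefinitionId)
var resolvedName = !empty(name) ? name : guid(resourceId, principalId, resolvedRoleDefinitionId)

// … unchanged: avmTelemetry and the resourceRoleAssignment deployment, passing resolvedName and resolvedRoleDefinitionId as parameter values …

@sys.description('The GUID of the Role Assignment.')
output name string = resolvedName
```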
@@ -50,10 +50,6 @@ module testDeployment '../../../main.bicep' = [ name: '${guid(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}' scope: resourceGroup params: { - name: guid( - nestedDependencies.outputs.managedIdentityPrincipalId, - nestedDependencies.outputs.storageAccountResourceId - ) resourceId: nestedDependencies.outputs.storageAccountResourceId principalId: nestedDependencies.outputs.managedIdentityPrincipalId principalType: 'ServicePrincipal' diff --git a/avm/ptn/authorization/resource-role-assignment/tests/e2e/defaults/main.test.bicep b/avm/ptn/authorization/resource-role-assignment/tests/e2e/defaults/main.test.bicep index 7181e7162db..252442bc345 100644 --- a/avm/ptn/authorization/resource-role-assignment/tests/e2e/defaults/main.test.bicep +++ b/avm/ptn/authorization/resource-role-assignment/tests/e2e/defaults/main.test.bicep @@ -50,10 +50,6 @@ module testDeployment '../../../main.bicep' = [ name: '${guid(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}' scope: resourceGroup params: { - name: guid( - nestedDependencies.outputs.managedIdentityPrincipalId, - nestedDependencies.outputs.storageAccountResourceId - ) resourceId: nestedDependencies.outputs.storageAccountResourceId principalId: nestedDependencies.outputs.managedIdentityPrincipalId principalType: 'ServicePrincipal'