From 927f173fcf257bb5bb4d466dfcc2e92a16288532 Mon Sep 17 00:00:00 2001
From: Greg Oliver
Date: Wed, 18 Oct 2017 18:36:17 -0700
Subject: [PATCH] role assignment & authentication doc tweaks
---
 ...authenticating_via_azure_cli.html.markdown | 2 ++
 website/docs/r/role_assignment.html.markdown | 32 ++++++++++++++++++-
 2 files changed, 33 insertions(+), 1 deletion(-)
diff --git a/website/docs/authenticating_via_azure_cli.html.markdown b/website/docs/authenticating_via_azure_cli.html.markdown
index dc47d4edc3c3..b903f0263b5f 100644
--- a/website/docs/authenticating_via_azure_cli.html.markdown
+++ b/website/docs/authenticating_via_azure_cli.html.markdown
@@ -71,3 +71,5 @@ The output (similar to below) will display one or more Subscriptions - with the
 ```shell
 $ az account set --subscription="SUBSCRIPTION_ID"
 ```
+
+Also, if you have been authenticating with a service principal and you switch to Azure CLI, you must null out the ARM_* environment variables. Failure to do so causes errors to be thrown.
diff --git a/website/docs/r/role_assignment.html.markdown b/website/docs/r/role_assignment.html.markdown
index 2be4fbfd5567..1b4cf5795488 100644
--- a/website/docs/r/role_assignment.html.markdown
+++ b/website/docs/r/role_assignment.html.markdown
@@ -30,7 +30,7 @@ resource "azurerm_role_assignment" "test" {
 }
 ```
 
-## Example Usage (Custom Role)
+## Example Usage (Custom Role & Service Principal)
 
 ```
 data "azurerm_subscription" "primary" {}
@@ -60,6 +60,36 @@ resource "azurerm_role_assignment" "test" {
 }
 ```
 
+## Example Usage (Custom Role & User)
+
+```
+data "azurerm_subscription" "primary" {}
+
+data "azurerm_client_config" "test" {}
+
+resource "azurerm_role_definition" "test" {
+ role_definition_id = "00000000-0000-0000-0000-000000000000"
+ name = "my-custom-role-definition"
+ scope = "${data.azurerm_subscription.primary.id}"
+
+ permissions {
+ actions = ["Microsoft.Resources/subscriptions/resourceGroups/read"]
+ not_actions = []
+ }
+
+ assignable_scopes = [
+ "${data.azurerm_subscription.primary.id}",
+ ]
+}
+
+resource "azurerm_role_assignment" "test" {
+ name = "00000000-0000-0000-0000-000000000000"
+ scope = "${data.azurerm_subscription.primary.id}"
+ role_definition_id = "${azurerm_role_definition.test.id}"
+ principal_id = "${data.azurerm_client_config.test.client_id}"
+}
+```
+
 ## Argument Reference
 
 The following arguments are supported: