From 927f173fcf257bb5bb4d466dfcc2e92a16288532 Mon Sep 17 00:00:00 2001
From: Greg Oliver
Date: Wed, 18 Oct 2017 18:36:17 -0700
Subject: [PATCH 1/2] role assignment & authentication doc tweaks

---
 ...authenticating_via_azure_cli.html.markdown | 2 ++
 website/docs/r/role_assignment.html.markdown | 32 ++++++++++++++++++-
 2 files changed, 33 insertions(+), 1 deletion(-)

diff --git a/website/docs/authenticating_via_azure_cli.html.markdown b/website/docs/authenticating_via_azure_cli.html.markdown
index dc47d4edc3c3..b903f0263b5f 100644
--- a/website/docs/authenticating_via_azure_cli.html.markdown
+++ b/website/docs/authenticating_via_azure_cli.html.markdown
@@ -71,3 +71,5 @@ The output (similar to below) will display one or more Subscriptions - with the
 ```shell
 $ az account set --subscription="SUBSCRIPTION_ID"
 ```
+
+Also, if you have been authenticating with a service principal and you switch to Azure CLI, you must null out the ARM_* environment variables. Failure to do so causes errors to be thrown.
diff --git a/website/docs/r/role_assignment.html.markdown b/website/docs/r/role_assignment.html.markdown
index 2be4fbfd5567..1b4cf5795488 100644
--- a/website/docs/r/role_assignment.html.markdown
+++ b/website/docs/r/role_assignment.html.markdown
@@ -30,7 +30,7 @@ resource "azurerm_role_assignment" "test" {
 }
 ```
 
-## Example Usage (Custom Role)
+## Example Usage (Custom Role & Service Principal)
 
 ```
 data "azurerm_subscription" "primary" {}
@@ -60,6 +60,36 @@ resource "azurerm_role_assignment" "test" {
 }
 ```
 
+## Example Usage (Custom Role & User)
+
+```
+data "azurerm_subscription" "primary" {}
+
+data "azurerm_client_config" "test" {}
+
+resource "azurerm_role_definition" "test" {
+ role_definition_id = "00000000-0000-0000-0000-000000000000"
+ name = "my-custom-role-definition"
+ scope = "${data.azurerm_subscription.primary.id}"
+
+ permissions {
+ actions = ["Microsoft.Resources/subscriptions/resourceGroups/read"]
+ not_actions = []
+ }
+
+ assignable_scopes = [
+ "${data.azurerm_subscription.primary.id}",
+ ]
+}
+
+resource "azurerm_role_assignment" "test" {
+ name = "00000000-0000-0000-0000-000000000000"
+ scope = "${data.azurerm_subscription.primary.id}"
+ role_definition_id = "${azurerm_role_definition.test.id}"
+ principal_id = "${data.azurerm_client_config.test.client_id}"
+}
+```
+
 ## Argument Reference
 
 The following arguments are supported:
From 25548aad329030f796114fcc8dea00ecc24b8612 Mon Sep 17 00:00:00 2001
From: Greg Oliver
Date: Mon, 23 Oct 2017 21:26:13 +0000
Subject: [PATCH 2/2] fix route table

---
 azurerm/resource_arm_route_table.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/azurerm/resource_arm_route_table.go b/azurerm/resource_arm_route_table.go
index 51bef9c0cdfc..bc80781cc22c 100644
--- a/azurerm/resource_arm_route_table.go
+++ b/azurerm/resource_arm_route_table.go
@@ -36,6 +36,7 @@ func resourceArmRouteTable() *schema.Resource {
 "route": {
 Type: schema.TypeList,
 Optional: true,
+ Computed: true,
 Elem: &schema.Resource{
 Schema: map[string]*schema.Schema{
 "name": {
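Review bot: The added `Computed: true` on the `route` list has no comment, and with `Optional` plus `Computed` a configuration that omits `route` accepts whatever routes the API returns instead of planning their removal. Deleting every `route` block from a config would therefore presumably leave the existing routes in place, and routes added outside Terraform would not surface as drift when no inline routes are declared, which matters where user-defined routes steer traffic through a firewall or inspection appliance. If the intent is to let the table coexist with routes managed as separate resources (inferred; the commit message only says "fix route table"), state it next to the field, e.g. `// Computed: routes may be managed outside this block; omitting "route" leaves existing routes untouched.`, and note the same behaviour in the resource's documentation page. The body of resourceArmRouteTable starts and ends outside this hunk, so how the read and update paths handle `route` is not visible here.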