Skip to content

Commit

Permalink
rbac interface
Browse files Browse the repository at this point in the history
  • Loading branch information
@mbrat2005
mbrat2005 committed Sep 12, 2024
1 parent 6a8b6e6 commit 692cd54
Showing 1 changed file with 18 additions and 8 deletions.
26 changes: 18 additions & 8 deletions avm/res/azure-stack-hci/network-interface/main.bicep
View file
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,17 @@ var builtInRoleNames = {
)
}

var formattedRoleAssignments = [
for (roleAssignment, index) in (roleAssignments ?? []): union(roleAssignment, {
roleDefinitionId: builtInRoleNames[?roleAssignment.roleDefinitionIdOrName] ?? (contains(
roleAssignment.roleDefinitionIdOrName,
'/providers/Microsoft.Authorization/roleDefinitions/'
)
? roleAssignment.roleDefinitionIdOrName
: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleAssignment.roleDefinitionIdOrName))
})
]

// ============== //
// Resources //
// ============== //
Expand Down Expand Up @@ -82,15 +93,11 @@ resource networkInterface 'Microsoft.AzureStackHCI/networkInterfaces@2024-01-01'
}
}

resource networkInterface_roleAssignments 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
for (roleAssignment, index) in (roleAssignments ?? []): {
name: guid(networkInterface.id, roleAssignment.principalId, roleAssignment.roleDefinitionIdOrName)
resource networkinterface_roleAssignments 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
for (roleAssignment, index) in (formattedRoleAssignments ?? []): {
name: roleAssignment.?name ?? guid(networkInterface.id, roleAssignment.principalId, roleAssignment.roleDefinitionId)
properties: {
roleDefinitionId: contains(builtInRoleNames, roleAssignment.roleDefinitionIdOrName)
? builtInRoleNames[roleAssignment.roleDefinitionIdOrName]
: contains(roleAssignment.roleDefinitionIdOrName, '/providers/Microsoft.Authorization/roleDefinitions/')
? roleAssignment.roleDefinitionIdOrName
: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleAssignment.roleDefinitionIdOrName)
roleDefinitionId: roleAssignment.roleDefinitionId
principalId: roleAssignment.principalId
description: roleAssignment.?description
principalType: roleAssignment.?principalType
Expand Down Expand Up @@ -135,6 +142,9 @@ type ipConfigurationType = {
type ipConfigurationsType = ipConfigurationType[]

type roleAssignmentType = {
@description('Optional. The name (as GUID) of the role assignment. If not provided, a GUID will be generated.')
name: string?

@description('Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.')
roleDefinitionIdOrName: string

Expand Down

0 comments on commit 692cd54

Please sign in to comment.