forked from Azure/terraform-azurerm-lz-vending
variables.roleassignment.tf
# Boolean switch for role assignment creation. Defaults to false, so a caller
# has to opt in explicitly; the entries themselves come from
# var.role_assignments (see the description text below).
variable "role_assignment_enabled" {
  description = <<DESCRIPTION
Whether to create role assignments.
If enabled, supply the list of role assignments in `var.role_assignments`.
DESCRIPTION
  default     = false
  type        = bool
}
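# Map of role assignments to create, keyed by an arbitrary caller-chosen name.
#
# Every entry grants a principal access at the subscription or at a scope
# below it, so this input is a privilege boundary: malformed values are
# rejected at plan time by the validation blocks below instead of surfacing
# as a provider error (or an unintended scope) during apply.
#
# NOTE(review): the leading-slash rule on relative_scope assumes the module
# appends the value to the subscription resource id, as the description and
# its example suggest - confirm against the resource that consumes it.
# NOTE(review): the description's wording "Leave blank for subscription scope"
# means an empty relative_scope is the broadest grant this variable can
# express; callers should prefer a resource-group scope and the least
# privileged role definition that works.
variable "role_assignments" {
  type = map(object({
    principal_id   = string,
    definition     = string,
    relative_scope = string,
  }))
  description = <<DESCRIPTION
Supply a map of objects containing the details of the role assignments to create.
Object fields:
- `principal_id`: The directory/object id of the principal to assign the role to.
- `definition`: The role definition to assign. Either use the name or the role definition resource id.
- `relative_scope`: Scope relative to the created subscription. Leave blank for subscription scope.
E.g.
```terraform
role_assignments = {
# Example using role definition name:
contributor_user = {
principal_id = "00000000-0000-0000-0000-000000000000",
definition = "Contributor",
relative_scope = "",
},
# Example using role definition id and RG scope:
myrg_custom_role = {
principal_id = "11111111-1111-1111-1111-111111111111",
definition = "/providers/Microsoft.Management/managementGroups/mymg/providers/Microsoft.Authorization/roleDefinitions/aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa",
relative_scope = "/resourceGroups/MyRg",
}
}
```
DESCRIPTION
  default     = {}

  # principal_id is documented as a directory object id, i.e. a GUID. A typo
  # here would otherwise only be caught by the provider at apply time.
  # try() keeps a null map (treated as "no entries") from failing validation.
  validation {
    condition = alltrue([
      for ra in try(values(var.role_assignments), []) :
      can(regex("^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$", ra.principal_id))
    ])
    error_message = "Each role assignment principal_id must be a GUID (the directory object id of the principal)."
  }

  # relative_scope is either empty (subscription scope) or a path fragment
  # beginning with "/", like the "/resourceGroups/MyRg" example above. A null
  # value is left for the consuming resource to handle.
  validation {
    condition = alltrue([
      for ra in try(values(var.role_assignments), []) :
      ra.relative_scope == null ? true : can(regex("^(/.+)?$", ra.relative_scope))
    ])
    error_message = "Each role assignment relative_scope must be empty (subscription scope) or begin with a forward slash."
  }
}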