devCenterRoleAssignment.bicep
// Creates a single RBAC role assignment for one principal on the current
// subscription. The template is deployed at subscription scope.
targetScope = 'subscription'

// No @allowed list constrains this value: whichever role definition ID the
// caller passes is the role that gets assigned on the whole subscription.
// NOTE(review): least privilege has to be enforced at the call sites; confirm
// that callers pass the narrowest role that works.
@description('The role definition ID to assign to the identity')
param id string

@description('The principal ID of the identity to assign the role to')
param principalId string

// Restricted to the three listed values; defaults to 'ServicePrincipal'.
@description('The principal type of the identity to assign the role to')
@allowed([
  'User'
  'Group'
  'ServicePrincipal'
])
param principalType string = 'ServicePrincipal'

// Free-form string. Only the exact, case-sensitive value 'Subscription'
// results in an assignment; every other value deploys nothing and is not
// reported as an error.
// NOTE(review): if the set of values callers pass is known, an @allowed list
// would turn a typo into a deployment failure instead of a silent no-op.
@description('The scope at which the role assignment should be created')
param scope string

// Single gate shared by the resource condition and the ID output below.
var assignAtSubscription = scope == 'Subscription'

// Deterministic name: the same subscription, principal and role always hash
// to the same GUID, so a redeployment addresses the same assignment rather
// than creating a second one.
var assignmentName = guid(subscription().id, principalId, id)

// Looks up the role definition by the supplied ID at subscription level.
// Because `name` is set to `id`, roleDefinition.name is that same ID, not a
// display name. The API version used here is a preview version.
@description('Existing role definition reference')
resource roleDefinition 'Microsoft.Authorization/roleDefinitions@2022-05-01-preview' existing = {
  scope: subscription()
  name: id
}

// Deployed only when the gate above is true.
@description('Role assignment resource')
resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = if (assignAtSubscription) {
  scope: subscription()
  name: assignmentName
  properties: {
    principalId: principalId
    principalType: principalType
    roleDefinitionId: roleDefinition.id
    description: 'Role assignment for ${principalId} with role ${roleDefinition.name}'
  }
}

// Empty string when the assignment was skipped; consumers that need to know
// whether access was actually granted must check for ''.
@description('The ID of the created role assignment')
output roleAssignmentId string = assignAtSubscription ? roleAssignment!.id : ''

// Always the subscription ID, whether or not an assignment was created, so
// this output alone does not show that a role was granted.
@description('The scope of the role assignment')
output scope string = subscription().id