# Resolves a service principal from a fixed application (client) ID. The lookup
# runs only when the caller leaves var.rp_service_principal_object_id empty.
#
# NOTE(review): the client ID is hard-coded. Judging by the "hci_rp" label it is
# presumably the Azure Stack HCI resource provider's first-party application;
# confirm the GUID against Microsoft's documentation before relying on it,
# because the role assignments that consume this object ID grant access to
# whichever principal the directory returns for it.
# NOTE(review): this data source reads from Entra ID, so the identity running
# Terraform needs directory read permission. Passing the object ID explicitly
# skips the lookup.
data "azuread_service_principal" "hci_rp" {
  # Skip the directory query when an object ID was provided.
  count = var.rp_service_principal_object_id != "" ? 0 : 1

  client_id = "1412d89f-b8a8-4111-b4fd-e82905cbd85d"
}
# Assigns every role listed in local.rp_roles to one service principal at the
# scope of the resource group in var.resource_group_id.
#
# Security: var.rp_service_principal_object_id is used as given, with no check
# visible in this block. Whatever principal it names receives all of
# local.rp_roles across the resource group, so treat the variable as privileged
# input and keep local.rp_roles to the minimum the resource provider needs.
# NOTE(review): a null value is not equal to "", so it would skip the lookup and
# also reach principal_id as null. Presumably the variable is declared
# non-nullable with a "" default; verify in the variable definition.
resource "azurerm_role_assignment" "service_principal_role_assign" {
  for_each = local.rp_roles

  role_definition_name = each.value
  scope                = var.resource_group_id

  # A caller-supplied object ID takes precedence; otherwise use the principal
  # found by the directory lookup.
  principal_id = var.rp_service_principal_object_id != "" ? var.rp_service_principal_object_id : data.azuread_service_principal.hci_rp[0].object_id

  # The reference in principal_id already orders this resource after the data
  # source; the explicit dependency is kept as the author wrote it.
  depends_on = [data.azuread_service_principal.hci_rp]
}
# Creates one role assignment per entry in local.role_assignments, granting
# each machine principal its role on the deployment Key Vault.
#
# Instance keys are "<server_name>_<role_key>". principal_id is carried in the
# value rather than the key, so the key does not depend on the principal's ID.
# Security: scope is the single Key Vault, not the resource group, which keeps
# the machine identities' access limited to that vault.
resource "azurerm_role_assignment" "machine_role_assign" {
  for_each = {
    for entry in local.role_assignments :
    "${entry.server_name}_${entry.role_key}" => entry
  }

  role_definition_name = each.value.role_name
  principal_id         = each.value.principal_id

  # Lower-cases the vault name inside the vault's resource ID.
  # NOTE(review): replace() rewrites every occurrence of var.keyvault_name in
  # the ID, not only the final segment; if the same text appears in the
  # resource group name, that segment is changed too. Presumably this exists
  # to avoid case-only plan differences; confirm the intent.
  scope = replace(local.key_vault.id, var.keyvault_name, lower(var.keyvault_name))

  # Wait for whichever Key Vault source applies (created here or looked up)
  # before assigning roles on it.
  depends_on = [
    azurerm_key_vault.deployment_keyvault,
    data.azurerm_key_vault.key_vault
  ]
}