From 6f1687ffc9eb4570c89377cd8e61e20b1bfbf943 Mon Sep 17 00:00:00 2001
From: xhy8759 <529370469@qq.com>
Date: Thu, 21 Nov 2024 12:53:53 +0800
Subject: [PATCH] add switch on whether to create role assignments for hci rp (#31)

Co-authored-by: Zidong Lu
---
 README.md | 8 ++++++++
 locals.tf | 4 ++--
 variables.tf | 6 ++++++
 3 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 165e7ef..dcf26b9 100644
--- a/README.md
+++ b/README.md
@@ -383,6 +383,14 @@ Type: `string`
 
 Default: `"Express"`
 
+### [create\_hci\_rp\_role\_assignments](#input\_create\_hci\_rp\_role\_assignments)
+
+Description: Indicates whether to create role assignments for the HCI resource provider service principal.
+
+Type: `bool`
+
+Default: `false`
+
 ### [create\_key\_vault](#input\_create\_key\_vault)
 
 Description: Set to true to create the key vault, or false to skip it
diff --git a/locals.tf b/locals.tf
index 270966f..77b8a8c 100644
--- a/locals.tf
+++ b/locals.tf
@@ -154,9 +154,9 @@ locals {
 roles = {
 KVSU = "Key Vault Secrets User",
 }
- rp_roles = {
+ rp_roles = var.create_hci_rp_role_assignments ? {
 ACMRM = "Azure Connected Machine Resource Manager",
- }
+ } : {}
 secrets_location = var.secrets_location == "" ? local.key_vault.vault_uri : var.secrets_location
 seperate_intents = [{
 name = var.compute_intent_name,
diff --git a/variables.tf b/variables.tf
index de4ee7c..e4fced7 100644
--- a/variables.tf
+++ b/variables.tf
@@ -256,6 +256,12 @@ variable "configuration_mode" {
 description = "The configuration mode for the storage."
 }
 
+variable "create_hci_rp_role_assignments" {
+ type = bool
+ default = false
+ description = "Indicates whether to create role assignments for the HCI resource provider service principal."
+}
+
 variable "create_key_vault" {
 type = bool
 default = true
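Review bot: `rp_roles` in locals.tf is now `{}` unless the new flag is set, and the flag defaults to `false`, so a deployment that upgrades without setting it will presumably see its existing `Azure Connected Machine Resource Manager` assignment planned for destruction on the next apply. The resource that consumes `local.rp_roles` is outside this hunk, so that should be confirmed. Defaulting to off is the safer choice for least privilege, but the removal is silent. I would add a comment above the expression, e.g. `# Empty unless var.create_hci_rp_role_assignments is true; turning it off removes the HCI RP role assignment this module created.`, and call the change out in the release notes. The `locals` block starts and ends outside the hunk.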
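Review bot: The description of `create_hci_rp_role_assignments` in variables.tf does not name the role being granted, which is what someone auditing privileges needs to see before enabling the switch. From locals.tf the only role behind it is `Azure Connected Machine Resource Manager`, so I would write `description = "Whether to assign the Azure Connected Machine Resource Manager role to the HCI resource provider service principal."`. The scope of the assignment is not visible in this diff; if it is the resource group, saying so in the description would help too. The matching README entry should carry the same wording.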