Role Definition Ids are not visible in assignments
Nikhleshk opened this issue · comments
Hi
We are trying to assign role definitions during assignment but we are not able to achieve the required result.
We tried in both ways
#role_definition_ids = module.PrivateLinkAzureAutomationArecordtoprivateDNSZone.role_definition_ids
/*
role_definition_ids = [
  data.azurerm_role_definition.DNS_Zone_Contributor.id,
  data.azurerm_role_definition.Network_Contributor.id
]
*/
By trying both ways we are able to see role definition in
This identity will also be given the following permissions:
module "org_mg_PrivateLinkAzureAutomationArecordtoprivateDNSZone" {
  source            = "..//modules/def_assignment"
  definition        = module.PrivateLinkAzureAutomationArecordtoprivateDNSZone.definition
  assignment_scope  = data.azurerm_management_group.org.id
  assignment_effect = "DeployIfNotExists"
  skip_remediation  = var.skip_remediation
  skip_role_assignment = false
  #role_definition_ids = module.PrivateLinkAzureAutomationArecordtoprivateDNSZone.role_definition_ids
  /*
  role_definition_ids = [
    data.azurerm_role_definition.DNS_Zone_Contributor.id,
    data.azurerm_role_definition.Network_Contributor.id
  ]
  */
  assignment_parameters = {
    privateDnsZoneId = "/subscriptions/74bd4da4-5bd3-449a-9e17-49d12a2b2a00/resourceGroups/privatednszones-prod-rg/providers/Microsoft.Network/privateDnsZones/privatelink.azure-automation.net"
  }
}
def_assignment will automatically assign roles located in the definition without needing to populate role_definition_ids, so you can remove it.
I have also included this ability in the next version 2.6.0 for set_assignment.
I have used it without role definition too but still the same result.
And for testing I am testing with a policy, not an initiative.
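Added example (not from the thread or the module's own code): a check for the situation discussed above. It reads the roles a DeployIfNotExists definition lists under `policyRule.then.details.roleDefinitionIds` and reports which of them the assignment's managed identity does not hold at the assignment scope. The function names, GUIDs, principal ID and management group name are constructed for illustration.

```python
import re

_GUID = re.compile(r"[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$", re.I)

def role_guid(role_definition_id):
    """Reduce any spelling of a role definition ID to its lower-case GUID."""
    match = _GUID.search(role_definition_id.strip())
    if match is None:
        raise ValueError(f"not a role definition ID: {role_definition_id!r}")
    return match.group(0).lower()

def required_roles(definition):
    """GUIDs from policyRule.then.details.roleDefinitionIds (empty if none)."""
    props = definition.get("properties", definition)  # exported file vs. CLI output
    details = props["policyRule"]["then"].get("details")
    if not isinstance(details, dict):  # effects such as deny or append
        return set()
    return {role_guid(r) for r in details.get("roleDefinitionIds", [])}

def missing_roles(definition, role_assignments, principal_id, scope):
    """Required roles the identity does not hold at the assignment scope."""
    held = {
        role_guid(a["roleDefinitionId"])
        for a in role_assignments
        if a["principalId"].lower() == principal_id.lower()
        and a["scope"].rstrip("/").lower() == scope.rstrip("/").lower()
    }
    return sorted(required_roles(definition) - held)

# Constructed sample data: GUIDs, principal and management group name are made up.
SCOPE = "/providers/Microsoft.Management/managementGroups/example-mg"
PRINCIPAL = "00000000-0000-0000-0000-0000000000aa"
ROLE_A = "11111111-1111-1111-1111-111111111111"
ROLE_B = "abcdef22-2222-2222-2222-222222222222"
DEFINITION = {"properties": {"policyRule": {
    "if": {"field": "type", "equals": "Microsoft.Network/privateEndpoints"},
    "then": {"effect": "[parameters('effect')]", "details": {
        "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
        "roleDefinitionIds": [
            f"/providers/Microsoft.Authorization/roleDefinitions/{ROLE_A}",
            f"/providers/microsoft.authorization/roleDefinitions/{ROLE_B.upper()}",
        ]}}}}}
ASSIGNMENTS = [  # shaped like `az role assignment list` output, trimmed
    {"principalId": PRINCIPAL, "scope": SCOPE.lower(),
     "roleDefinitionId": f"/providers/Microsoft.Authorization/roleDefinitions/{ROLE_A}"},
]

if __name__ == "__main__":
    print("missing:", missing_roles(DEFINITION, ASSIGNMENTS, PRINCIPAL, SCOPE))
```

An empty result means every role the definition asks for is granted at that scope; an empty `required_roles` means the definition itself lists no roles, so there is nothing for the module to assign.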