Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others


azure - Terraform azurerm role definition with email address

I am deploying resources to Azure with Terraform. I want to assign roles to AD users by using their email address. In the azurerm_role_assignment resource, only the object id of the user can be used. I have tried it with email but it logically fails.

resource "azurerm_role_assignment" "example" {
  scope                = data.azurerm_subscription.primary.id
  role_definition_name = "Reader"
  principal_id         = data.azurerm_client_config.example.object_id
}

With az powershell, the role can be assigned with the user's sign-in name: New-AzRoleAssignment -SignInName <userupn>.

Is there a way to do it with Terraform?

question from:https://stackoverflow.com/questions/66066406/terraform-azurerm-role-definition-with-email-address


1 Answer


I have found the answer. The data azuread_users can be used as a solution:

# Look up the directory objects for the given sign-in names (UPNs)
data "azuread_users" "users" {
  user_principal_names = ["[email protected]"]
}

# principal_id takes the object id returned by the lookup above
resource "azurerm_role_assignment" "rbac_wvd" {
  scope                = data.azurerm_subscription.primary.id
  role_definition_name = "Reader"
  principal_id         = data.azuread_users.users.object_ids[0]
}
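
The same lookup extended to several users, as an added example that is not part of the original answer: it uses the singular azuread_user data source with for_each so each assignment is keyed by sign-in name rather than by a position in object_ids. The variable name, resource names and addresses are assumptions made for illustration.

```hcl
# Added example, not from the original post. Variable and resource names are
# hypothetical; the addresses are constructed placeholders.
provider "azurerm" {
  features {}
}

variable "reader_upns" {
  type        = set(string)
  description = "Sign-in names (UPNs) that should get Reader on the subscription"
  default     = ["alice@example.com", "bob@example.com"]
}

data "azurerm_subscription" "primary" {}

# One lookup per UPN. The singular data source fails the plan if a UPN does
# not resolve, so a typo cannot silently drop or misdirect an assignment.
data "azuread_user" "reader" {
  for_each            = var.reader_upns
  user_principal_name = each.value
}

# Keyed by UPN, not by list position, so adding or removing a user only
# touches that user's assignment.
resource "azurerm_role_assignment" "reader" {
  for_each             = data.azuread_user.reader
  scope                = data.azurerm_subscription.primary.id
  role_definition_name = "Reader"
  principal_id         = each.value.object_id
}
```

user_principal_name has to be the directory sign-in name; for guest accounts it differs from the mail address, so check the UPN in the tenant before adding it to the set.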
