azure - Terraform azurerm role definition with email address

Question

Welcome To Ask or Share your Answers For Others

azure - Terraform azurerm role definition with email address

asked Oct 6, 2021 in Technique[技术] by 深蓝 (71.8m points)

azure - Terraform azurerm role definition with email address

I am deploying resources to Azure with Terraform. I want to assign roles to AD users by using their email address. In the azurerm_role_assignment resource, only the object id of the user can be used. I have tried it with email but it logically fails.

resource "azurerm_role_assignment" "example" {
  scope                = data.azurerm_subscription.primary.id
  role_definition_name = "Reader"
  principal_id         = data.azurerm_client_config.example.object_id
}

With az powershell, the role can be assigned with the user's sign-in name : New-AzRoleAssignment -SignInName <userupn> .

Is there way to do it with terraform?

question from:https://stackoverflow.com/questions/66066406/terraform-azurerm-role-definition-with-email-address

与恶龙缠斗过久,自身亦成为恶龙；凝视深渊过久,深渊将回以凝视…

1 Answer

深蓝 · Answer 1 · 2021-10-06T03:02:25+0000

I have found the answer. The data azuread_users can be used as a solution:

data "azuread_users" "users" {
  user_principal_names = ["[email protected]"]
}

resource "azurerm_role_assignment" "rbac_wvd" {
  scope                = data.azurerm_subscription.primary.id
  role_definition_name = "Reader"
  principal_id         = data.azuread_users.wvd_user.object_ids[0]
}

Categories

azure - Terraform azurerm role definition with email address

azure - Terraform azurerm role definition with email address

Please log in or register to add a comment.

Please log in or register to answer this question.

1 Answer

Please log in or register to add a comment.

Just Browsing Browsing

Most popular tags