// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT license.
package engine
import (
"github.com/Azure/azure-sdk-for-go/services/preview/authorization/mgmt/2018-09-01-preview/authorization"
"github.com/Azure/go-autorest/autorest/to"
)
// IdentityRoleDefinition is an ARM template expression that resolves, at
// deployment time, to the id of the role definition granted to the created
// user-assigned identity.
type IdentityRoleDefinition string

// Roles the created user-assigned identity may be granted on the created
// resource group. Each value is a template variable reference, so the concrete
// role definition id is supplied by the template, not by this package.
const (
	// IdentityContributorRole grants "Contributor" on the created resource group.
	IdentityContributorRole IdentityRoleDefinition = "[variables('contributorRoleDefinitionId')]"

	// IdentityReaderRole grants "Reader" on the created resource group; it is the
	// narrower of the two grants.
	IdentityReaderRole IdentityRoleDefinition = "[variables('readerRoleDefinitionId')]"
)
// createMSIRoleAssignment builds the ARM role-assignment resource that grants
// the template's user-assigned identity (variables('userAssignedID')) the role
// named by identityRoleDefinition on the resource group being deployed to.
//
// The assignment name is a guid() derived from the identity name and the
// resource group id, so re-deploying the same template addresses the same
// assignment instead of creating a duplicate. The scope is the resource group
// itself ([resourceGroup().id]); which role is granted within that scope is
// decided entirely by the caller's identityRoleDefinition.
func createMSIRoleAssignment(identityRoleDefinition IdentityRoleDefinition) RoleAssignmentARM {
	// Template expression naming the user-assigned identity resource; it is
	// used both as the dependency and as the source of the principal id.
	const identityResource = "concat('Microsoft.ManagedIdentity/userAssignedIdentities/', variables('userAssignedID'))"

	// The assignment cannot be created until the identity it refers to exists.
	resource := ARMResource{
		APIVersion: "[variables('apiVersionAuthorizationUser')]",
		DependsOn:  []string{"[" + identityResource + "]"},
	}

	// Declaring the principal type up front lets ARM resolve the assignment
	// for the freshly created identity's principalId.
	props := &authorization.RoleAssignmentPropertiesWithScope{
		RoleDefinitionID: to.StringPtr(string(identityRoleDefinition)),
		PrincipalID:      to.StringPtr("[reference(" + identityResource + ").principalId]"),
		PrincipalType:    authorization.ServicePrincipal,
		Scope:            to.StringPtr("[resourceGroup().id]"),
	}

	assignment := authorization.RoleAssignment{
		Type:                              to.StringPtr("Microsoft.Authorization/roleAssignments"),
		Name:                              to.StringPtr("[guid(concat(variables('userAssignedID'), 'roleAssignment', resourceGroup().id))]"),
		RoleAssignmentPropertiesWithScope: props,
	}

	return RoleAssignmentARM{
		ARMResource:    resource,
		RoleAssignment: assignment,
	}
}