hlokensgard/terraform-azure-rbac-administrator


Role Based Access Control Administrator

Information

A Terraform module that creates a role assignment for the Role Based Access Control Administrator role. A principal holding this role can manage Azure RBAC role assignments at the given scope. Left unconstrained, that principal can grant any role, Owner included, to any principal at that scope, so the assignment should normally carry a role assignment condition that limits which roles it may hand out and to whom. The Azure portal makes adding such conditions straightforward, but expressing them in Terraform is considerably harder; this module does that for you.

For more information on the role and on role assignment conditions, see the Azure documentation.

Usage

Example Constrain Roles

module "rbac_admin" {
    # Source is this repository; pin to a tag or commit with ?ref= in production.
    source = "github.com/hlokensgard/terraform-azure-rbac-administrator"

    scope                                    = "/subscriptions/00000000-0000-0000-0000-000000000000"
    role_id_to_assign                        = "acdd72a7-3385-48ef-bd42-f606fba81ae7" # Reader
    object_id_to_be_added_to_rbac_admin_role = "00000000-0000-0000-0000-000000000000" # Object ID of the user to be added
    principal_type                           = "User"
    constrain_roles                          = true # the delegate may only assign the Reader role
}

Example Constrain Roles and Principal Types

module "rbac_admin" {
    # Source is this repository; pin to a tag or commit with ?ref= in production.
    source = "github.com/hlokensgard/terraform-azure-rbac-administrator"

    scope                                    = "/subscriptions/00000000-0000-0000-0000-000000000000"
    role_id_to_assign                        = "acdd72a7-3385-48ef-bd42-f606fba81ae7" # Reader
    object_id_to_be_added_to_rbac_admin_role = "00000000-0000-0000-0000-000000000000" # Object ID of the group to be added
    principal_type                           = "Group"
    # The delegate may assign Reader to users and groups, but not to service principals.
    user_type                                = true
    group_type                               = true
    constrain_roles_and_principal_types      = true
}

Example Constrain Roles and Principals

module "rbac_admin" {
    # Source is this repository; pin to a tag or commit with ?ref= in production.
    source = "github.com/hlokensgard/terraform-azure-rbac-administrator"

    scope                                    = "/subscriptions/00000000-0000-0000-0000-000000000000"
    role_id_to_assign                        = "acdd72a7-3385-48ef-bd42-f606fba81ae7" # Reader
    object_id_to_be_added_to_rbac_admin_role = "00000000-0000-0000-0000-000000000000" # Object ID of the user to be added
    principal_type                           = "User"
    constrain_roles_and_principals           = true
    # The delegate may assign Reader only to these two principals.
    object_ids_that_can_be_given_the_role    = ["00000000-0000-0000-0000-000000000000", "00000000-0000-0000-0000-000000000001"]
}

Example Custom Condition

module "rbac_admin" {
    # Source is this repository; pin to a tag or commit with ?ref= in production.
    source = "github.com/hlokensgard/terraform-azure-rbac-administrator"

    scope                                    = "/subscriptions/00000000-0000-0000-0000-000000000000"
    role_id_to_assign                        = "acdd72a7-3385-48ef-bd42-f606fba81ae7" # Reader
    object_id_to_be_added_to_rbac_admin_role = "00000000-0000-0000-0000-000000000000" # Object ID of the user to be added
    principal_type                           = "User"
    enable_custom_condition                  = true
    custom_condition                         = "" # a full Azure role assignment condition expression goes here
}
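As an added example, not part of the module's own documentation, the block below fills in a custom condition that the single `role_id_to_assign` input cannot express: the delegate may assign either of two roles (Reader and Storage Blob Data Reader, both Azure built-in role definition IDs) and only to users or groups. The condition text follows the template Microsoft documents for delegating role assignment management with conditions. The `source` path (this repository), the `allowed_*` and `rbac_admin_condition` locals, and the zero-filled scope and object ID are assumptions for illustration; it is also assumed that the module passes `custom_condition` through verbatim as the assignment's condition.

```hcl
# Added example: RBAC Administrator delegation constrained to two roles and two principal types.
# Assumptions: `source` points at this repository; the locals are illustrative names;
# scope and object ID are zero-filled placeholders.
locals {
  # Azure built-in role definition IDs the delegate is allowed to hand out.
  allowed_role_ids = [
    "acdd72a7-3385-48ef-bd42-f606fba81ae7", # Reader
    "2a2b9908-6ea1-4ae2-8e65-a410df84e7d1", # Storage Blob Data Reader
  ]

  # Principal types the delegate may assign those roles to (no service principals).
  allowed_principal_types = ["User", "Group"]

  # Render the sets in the condition grammar: GUIDs bare, strings single-quoted.
  role_set = join(", ", local.allowed_role_ids)
  type_set = join(", ", [for t in local.allowed_principal_types : "'${t}'"])

  # First half governs roleAssignments/write (what the delegate may create);
  # second half governs roleAssignments/delete (what the delegate may remove).
  # Without the delete half the delegate could still remove any assignment at the scope.
  rbac_admin_condition = <<-EOT
    (
      (
        !(ActionMatches{'Microsoft.Authorization/roleAssignments/write'})
      )
      OR
      (
        @Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {${local.role_set}}
        AND
        @Request[Microsoft.Authorization/roleAssignments:PrincipalType] ForAnyOfAnyValues:StringEqualsIgnoreCase {${local.type_set}}
      )
    )
    AND
    (
      (
        !(ActionMatches{'Microsoft.Authorization/roleAssignments/delete'})
      )
      OR
      (
        @Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {${local.role_set}}
        AND
        @Resource[Microsoft.Authorization/roleAssignments:PrincipalType] ForAnyOfAnyValues:StringEqualsIgnoreCase {${local.type_set}}
      )
    )
  EOT
}

module "rbac_admin_two_roles" {
  # Source is this repository; pin to a tag or commit with ?ref= in production.
  source = "github.com/hlokensgard/terraform-azure-rbac-administrator"

  scope                                    = "/subscriptions/00000000-0000-0000-0000-000000000000"
  object_id_to_be_added_to_rbac_admin_role = "00000000-0000-0000-0000-000000000000" # group that receives RBAC Administrator
  principal_type                           = "Group"
  description                              = "Delegated: may assign Reader or Storage Blob Data Reader to users and groups"

  enable_custom_condition = true
  custom_condition        = local.rbac_admin_condition
}
```

Each half of the condition is a disjunction: either the request is not the guarded action, or the request (for writes) or the existing resource (for deletes) matches the allowed roles and principal types. After apply, `az role assignment list --scope <scope> --query "[?roleDefinitionName=='Role Based Access Control Administrator'].condition"` shows the stored condition text; an RBAC Administrator assignment whose condition is null is unconstrained and deserves a second look.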

Requirements

| Name | Version |
|------|---------|
| terraform | ~> 1.0 |
| azapi | ~> 1.0 |

Providers

| Name | Version |
|------|---------|
| azapi | 1.12.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| azapi_resource.rbac_admin | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| object_id_to_be_added_to_rbac_admin_role | The object ID of the user, group, or service principal to which the Role Based Access Control Administrator role is assigned (the delegate). | string | n/a | yes |
| scope | The scope of the role assignment. This can be a subscription, resource group, or resource; most commonly a subscription. Example: /subscriptions/00000000-0000-0000-0000-000000000000 | string | n/a | yes |
| constrain_roles | If true, the delegate may only assign the role given in role_id_to_assign. | bool | false | no |
| constrain_roles_and_principal_types | If true, the delegate may only assign the role given in role_id_to_assign, and only to the principal types enabled with user_type, group_type and service_principal_type. | bool | false | no |
| constrain_roles_and_principals | If true, the delegate may only assign the role given in role_id_to_assign, and only to the principals listed in object_ids_that_can_be_given_the_role. | bool | false | no |
| custom_condition | Only used when enable_custom_condition is true. The full condition expression, in Azure role assignment condition syntax, to attach to the role assignment. | string | "" | no |
| description | The description of the role assignment. This is metadata only and is not required. Example: This role assignment is for... | string | "" | no |
| enable_custom_condition | If true, the condition in custom_condition is attached to the role assignment instead of one generated from the constrain_* options. | bool | false | no |
| group_type | Only used when constrain_roles_and_principal_types is true. If true, the delegate may assign the role to groups. | bool | false | no |
| object_ids_that_can_be_given_the_role | Only used when constrain_roles_and_principals is true. The object IDs of the users, groups, or service principals the delegate may assign the chosen role to. Example: ["00000000-0000-0000-0000-000000000000", "00000000-0000-0000-0000-000000000001"] | list(string) | [] | no |
| principal_type | The type of principal receiving the Role Based Access Control Administrator role. One of User, Group, or ServicePrincipal. | string | "User" | no |
| role_id_to_assign | The role definition ID (GUID) of the role the delegate is allowed to assign to others, for example Storage Blob Data Contributor or Virtual Machine Contributor. | string | "" | no |
| service_principal_type | Only used when constrain_roles_and_principal_types is true. If true, the delegate may assign the role to service principals. | bool | false | no |
| user_type | Only used when constrain_roles_and_principal_types is true. If true, the delegate may assign the role to users. | bool | false | no |

Outputs

No outputs.
