https://pulumi.com logo
Join Slack
Powered by
Hi all, I'm trying to provide a group name and rol...
# azure
l
Hi all, I'm trying to provide a group name and role name, look them up to get the id, and then create a role assignment in a resource group. I'm unable to find something in Pulumi to resolve role id's. Anyone know of a way? This is what I have so far:
Copy code
var ownerGroup = AzureAD.GetGroup.InvokeAsync(new()
                    {
                        DisplayName = ownerGroupName,
                        SecurityEnabled = true,
                    });
                    if (ownerGroup.Result.Id == null)
                    {
                        throw new ArgumentException($"group {ownerGroupName} not found");
                    }

                    var roleAssignment = new AzureNative.Authorization.RoleAssignment($"{rgName}Owner", new()
                    {
                        PrincipalId = ownerGroup.Result.Id.Split("/")[2],  // id will be /groups/id, so get the id part
                        PrincipalType = AzureNative.Authorization.PrincipalType.Group,
                        Scope = thisRg.Id,
                        RoleDefinitionId = "/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635"
                    });
I'd like to replace the hardcoded 
RoleDefinitionId
with a looked up value from name
m
You have an example in this article 👉 https://leebriggs.co.uk/blog/2022/01/23/gha-cloud-credentials
To be honest I would not bother with that and hardcode the role definitionid. That something that does not change, that can be retrieved from Microsoft documentation so I think a class AzureBuiltInRoles with constants in it makes sense. But otherwise you can check the article
l
good point about them being static. I'll just hardcode them as constants
2 Views
Open in Slack
PreviousNext
Powered by