l
Hi all, I'm trying to provide a group name and role name, look them up to get the id, and then create a role assignment in a resource group. I'm unable to find something in Pulumi to resolve role IDs. Anyone know of a way? This is what I have so far:
var ownerGroup = AzureAD.GetGroup.InvokeAsync(new()
{
    DisplayName = ownerGroupName,
    SecurityEnabled = true,
});
if (ownerGroup.Result.Id == null)
{
    throw new ArgumentException($"group {ownerGroupName} not found");
}

var roleAssignment = new AzureNative.Authorization.RoleAssignment($"{rgName}Owner", new()
{
    PrincipalId = ownerGroup.Result.Id.Split("/")[2],  // id will be /groups/id, so get the id part
    PrincipalType = AzureNative.Authorization.PrincipalType.Group,
    Scope = thisRg.Id,
    RoleDefinitionId = "/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635"
});
I'd like to replace the hardcoded RoleDefinitionId with a looked up value from name
m
You have an example in this article 👉 https://leebriggs.co.uk/blog/2022/01/23/gha-cloud-credentials
To be honest I would not bother with that and would hardcode the role definition ID. That's something that does not change, that can be retrieved from Microsoft documentation, so I think a class AzureBuiltInRoles with constants in it makes sense. But otherwise you can check the article.
l
good point about them being static. I'll just hardcode them as constants