powerful-football-81694
12/18/2020, 2:24 PM
```csharp
var configRoleAssignment = new Assignment(
    $"orgflow-download-{stackName}-configRoleAssignment",
    new AssignmentArgs()
    {
        PrincipalId = app.Identity.Apply(x => x.PrincipalId),
        RoleDefinitionName = "App Configuration Data Reader", // Use textual name of role
        Scope = configService.Resources.Single().Id,
        SkipServicePrincipalAadCheck = true
    });
```
I cannot find any way to accomplish the same using AzureNextGen; it seems like we can only resolve role definitions using their GUID IDs and some awkward string concatenation:
```csharp
var configRoleAssignment = new RoleAssignment(
    $"orgflow-download-{stackName}-configRoleAssignment",
    new RoleAssignmentArgs()
    {
        RoleAssignmentName = "200DA71F-80F9-4D5F-90AB-FCE5CE72FA97",
        PrincipalId = app.Identity.Apply(x => x!.PrincipalId),
        // TODO: Resolve subscription ID, and if possible also role definition ID
        RoleDefinitionId = "/subscriptions/1788357e-d506-4118-9f88-092c1dcddc16/providers/Microsoft.Authorization/roleDefinitions/516239f1-63e1-4d78-a4de-a74fb236a071", //configDataReaderRole.Id,
        Scope = configStore.Id,
    });
```
Even doing a `GetRoleDefinition.InvokeAsync()` does not help, as that one also takes this ID as its only possible input. Does anyone know how to avoid hard-coding the role ID, and instead resolve it from the role name as was possible with the old provider?

sparse-park-68967
12/18/2020, 6:07 PM

powerful-football-81694
12/18/2020, 9:53 PM