salmon-egg-38815
05/21/2021, 4:25 AMusing System.Threading.Tasks;
using Pulumi;
using Azure = Pulumi.AzureNative;
using AzureAD = Pulumi.AzureAD;
class WorkingStack : Stack
{
public MyStack()
{
var subscriptionId = "12345678-1234-1234-1234-1234567890ab";
var existingRgId = $"/subscriptions/{subscriptionId}/resourceGroups/some-existing-rg";
var rgContributorId = $"{existingRgId}/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c";
var contributorRoleDef = Azure.Authorization.RoleDefinition.Get("contributorRoleDef",rgContributorId);
var globalAdmins = AzureAD.Group.Get("globalAdmins","f22ac475-c1e3-4e21-b9a8-4f50f473278c");
var assignment1 = new Azure.Authorization.RoleAssignment("assignment1", new Azure.Authorization.RoleAssignmentArgs
{
PrincipalId = globalAdmins.Id,
RoleDefinitionId = contributorRoleDef.Id,
Scope = existingRgId
});
}
}
but if I try to do the same thing with a created resource group:
class BrokenStack : Stack
{
public BrokenStack()
{
var rg = new Azure.Resources.ResourceGroup("rg", new Azure.Resources.ResourceGroupArgs
{
Location = "UK South"
});
var rgContributorId = rg.Id.Apply(id => $"{id}/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c");
var contributorRoleDef = Azure.Authorization.RoleDefinition.Get("contributorRoleDef",rgContributorId);
var globalAdmins = AzureAD.Group.Get("grp","f22ac475-c1e3-4e21-b9a8-4f50f473278c");
var assignment1 = new Azure.Authorization.RoleAssignment("assignment1", new Azure.Authorization.RoleAssignmentArgs
{
PrincipalId = globalAdmins.Id,
RoleDefinitionId = contributorRoleDef.Id,
Scope = rg.Id
});
}
}
then it fails:
Diagnostics:
azure-native:authorization:RoleDefinition (contributorRoleDef):
error: azure-native:authorization:RoleDefinition resource 'contributorRoleDef' has a problem: missing required property 'scope'