https://pulumi.com logo
Join Slack
Powered by
Hi there, new to Pulumi and first post. I'm havin...
# getting-started
s
Hi there, new to Pulumi and first post. I'm having some difficulty getting interpolation (C#) to work with the ID output of an Azure Native Resource Group in order to generate the string required to access a well-known Role Definiiton. Here's a working example using hard-coded references to an existing resource group:
Copy code
using System.Threading.Tasks;
using Pulumi;
using Azure = Pulumi.AzureNative;
using AzureAD = Pulumi.AzureAD;

class WorkingStack : Stack
{
    public MyStack()
    {
        var subscriptionId = "12345678-1234-1234-1234-1234567890ab";
        var existingRgId = $"/subscriptions/{subscriptionId}/resourceGroups/some-existing-rg";

        var rgContributorId = $"{existingRgId}/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c";
        var contributorRoleDef = Azure.Authorization.RoleDefinition.Get("contributorRoleDef",rgContributorId);

        var globalAdmins = AzureAD.Group.Get("globalAdmins","f22ac475-c1e3-4e21-b9a8-4f50f473278c");
        var assignment1 = new Azure.Authorization.RoleAssignment("assignment1", new Azure.Authorization.RoleAssignmentArgs
        {
            PrincipalId      = globalAdmins.Id,
            RoleDefinitionId = contributorRoleDef.Id,
            Scope            = existingRgId
        });
    }
}
but if I try to do the same thing with a created resource group:
Copy code
class BrokenStack : Stack
{
        public BrokenStack()
    {
        var rg = new Azure.Resources.ResourceGroup("rg", new Azure.Resources.ResourceGroupArgs
        {
            Location = "UK South"
        });

        var rgContributorId = rg.Id.Apply(id => $"{id}/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c");
        var contributorRoleDef = Azure.Authorization.RoleDefinition.Get("contributorRoleDef",rgContributorId);

        var globalAdmins = AzureAD.Group.Get("grp","f22ac475-c1e3-4e21-b9a8-4f50f473278c");
        var assignment1 = new Azure.Authorization.RoleAssignment("assignment1", new Azure.Authorization.RoleAssignmentArgs
        {
            PrincipalId      = globalAdmins.Id,
            RoleDefinitionId = contributorRoleDef.Id,
            Scope            = rg.Id
        });
    }
}
then it fails:
Copy code
Diagnostics:
  azure-native:authorization:RoleDefinition (contributorRoleDef):
    error: azure-native:authorization:RoleDefinition resource 'contributorRoleDef' has a problem: missing required property 'scope'
3 Views
Open in Slack
PreviousNext
Powered by