05/21/2021, 4:25 AM
Hi there, new to Pulumi and first post. I'm having some difficulty getting interpolation (C#) to work with the ID output of an Azure Native Resource Group in order to generate the string required to access a well-known Role Definition. Here's a working example using hard-coded references to an existing resource group:
using System.Threading.Tasks;
using Pulumi;
using Azure = Pulumi.AzureNative;
using AzureAD = Pulumi.AzureAD;

class WorkingStack : Stack
{
    public WorkingStack()
    {
        var subscriptionId = "12345678-1234-1234-1234-1234567890ab";
        var existingRgId = $"/subscriptions/{subscriptionId}/resourceGroups/some-existing-rg";

        // Role definition ID built from the hard-coded resource group ID
        var rgContributorId = $"{existingRgId}/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c";
        var contributorRoleDef = Azure.Authorization.RoleDefinition.Get("contributorRoleDef", rgContributorId);

        var globalAdmins = AzureAD.Group.Get("globalAdmins", "f22ac475-c1e3-4e21-b9a8-4f50f473278c");
        var assignment1 = new Azure.Authorization.RoleAssignment("assignment1", new Azure.Authorization.RoleAssignmentArgs
        {
            PrincipalId      = globalAdmins.Id,
            RoleDefinitionId = contributorRoleDef.Id,
            Scope            = existingRgId
        });
    }
}
but if I try to do the same thing with a created resource group:
class BrokenStack : Stack
{
    public BrokenStack()
    {
        var rg = new Azure.Resources.ResourceGroup("rg", new Azure.Resources.ResourceGroupArgs
        {
            Location = "UK South"
        });

        // rg.Id is an Output<string>, so the role definition ID is built with Apply
        var rgContributorId = rg.Id.Apply(id => $"{id}/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c");
        var contributorRoleDef = Azure.Authorization.RoleDefinition.Get("contributorRoleDef", rgContributorId);

        var globalAdmins = AzureAD.Group.Get("grp", "f22ac475-c1e3-4e21-b9a8-4f50f473278c");
        var assignment1 = new Azure.Authorization.RoleAssignment("assignment1", new Azure.Authorization.RoleAssignmentArgs
        {
            PrincipalId      = globalAdmins.Id,
            RoleDefinitionId = contributorRoleDef.Id,
            Scope            = rg.Id
        });
    }
}
then it fails:
  azure-native:authorization:RoleDefinition (contributorRoleDef):
    error: azure-native:authorization:RoleDefinition resource 'contributorRoleDef' has a problem: missing required property 'scope'