https://pulumi.com
Join Slack
Hi there, new to Pulumi and first post. I'm having some difficulty getting interpolation (C#) to wo...
# getting-started
s
Hi there, new to Pulumi and first post. I'm having some difficulty getting interpolation (C#) to work with the ID output of an Azure Native Resource Group in order to generate the string required to access a well-known Role Definiiton. Here's a working example using hard-coded references to an existing resource group:
Copy code
using System.Threading.Tasks;
using Pulumi;
using Azure = Pulumi.AzureNative;
using AzureAD = Pulumi.AzureAD;

class WorkingStack : Stack
{
    public MyStack()
    {
        var subscriptionId = "12345678-1234-1234-1234-1234567890ab";
        var existingRgId = $"/subscriptions/{subscriptionId}/resourceGroups/some-existing-rg";

        var rgContributorId = $"{existingRgId}/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c";
        var contributorRoleDef = Azure.Authorization.RoleDefinition.Get("contributorRoleDef",rgContributorId);

        var globalAdmins = AzureAD.Group.Get("globalAdmins","f22ac475-c1e3-4e21-b9a8-4f50f473278c");
        var assignment1 = new Azure.Authorization.RoleAssignment("assignment1", new Azure.Authorization.RoleAssignmentArgs
        {
            PrincipalId      = globalAdmins.Id,
            RoleDefinitionId = contributorRoleDef.Id,
            Scope            = existingRgId
        });
    }
}
but if I try to do the same thing with a created resource group:
Copy code
class BrokenStack : Stack
{
        public BrokenStack()
    {
        var rg = new Azure.Resources.ResourceGroup("rg", new Azure.Resources.ResourceGroupArgs
        {
            Location = "UK South"
        });

        var rgContributorId = rg.Id.Apply(id => $"{id}/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c");
        var contributorRoleDef = Azure.Authorization.RoleDefinition.Get("contributorRoleDef",rgContributorId);

        var globalAdmins = AzureAD.Group.Get("grp","f22ac475-c1e3-4e21-b9a8-4f50f473278c");
        var assignment1 = new Azure.Authorization.RoleAssignment("assignment1", new Azure.Authorization.RoleAssignmentArgs
        {
            PrincipalId      = globalAdmins.Id,
            RoleDefinitionId = contributorRoleDef.Id,
            Scope            = rg.Id
        });
    }
}
then it fails:
Copy code
Diagnostics:
  azure-native:authorization:RoleDefinition (contributorRoleDef):
    error: azure-native:authorization:RoleDefinition resource 'contributorRoleDef' has a problem: missing required property 'scope'
2 Views
Open in Slack
PreviousNext
Powered by

Pulumi Community

No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Powered by