Hello, I need to add a role assignment to a resource group artifact in a blueprint definition. I tried the following example https://www.pulumi.com/docs/reference/pkg/azure-native/blueprint/roleassignmentartifact? What kind of object does the PrincipleId parameter expect? I get the following error: error: azure-nativeblueprintRoleAssignmentArtifact resource 'roleAssignmentArtifact' has a problem: 'principalIds' should be of type '' but got a string

hey @delightful-xylophone-3967 - can you share your code? will be easier to understand the issue

Hi jaxxstrom, this is the sample code directly from the Pulumi sample code. My problem is, that I don't know what kind of object I am supposed to assign to

PrincipalIds

. The type is "object" and couldn't figure out, which class is presenting a service principle. The Microsoft SDK doesn't explain it neither https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.management.blueprint.models.roleassignmentartifact.principalids?view=azure-dotnet#M[…]ds It doesn't accept a string, as used in the pulumi example:

var roleAssignmentArtifact = new Pulumi.AzureNative.Blueprint.RoleAssignmentArtifact("roleAssignmentArtifact", new Pulumi.AzureNative.Blueprint.RoleAssignmentArtifactArgs

{

ArtifactName = "ownerAssignment",

BlueprintName = "simpleBlueprint",

DisplayName = "enforce owners of given subscription",

Kind = "roleAssignment",

PrincipalIds = "[parameters('owners')]",

ResourceScope = "providers/Microsoft.Management/managementGroups/ContosoOnlineGroup",

RoleDefinitionId = "/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7",

});

hmm I don't seem to be able to figure it out either. @tall-librarian-49374 or @sparse-park-68967 do you have any ideas?

The description says it should be an array. Have you tried an array of strings?

😞

thanks for responding! I have tried string, string array, but neither work. I am going to ask the MS support, may be they can give us some hints.

Could you file an issue? Would be good to record this regardless and we can update based on what MS support responds with.

The MS Support is pointing to https://github.com/Azure/azure-sdk-for-net/blob/e3bed4da8b5628113114a984b3e74dee1c[…]gement.Blueprint/src/Generated/Models/RoleAssignmentArtifact.cs He was guessing, that we have to pass an array of strings. From his response "[...] from Azure role assignment documentation, it had been mentioned to pass principal id's as array of strings. Role definition would get applied to each principal id passed under it. https://github.com/Azure/azure-sdk-for-net/blob/e3bed4da8b5628113114a984b3e74dee1cb5a91c/sdk/blueprint/Microsoft.Azure.Management.Blueprint/src/Generated/Models/RoleAssignmentArtifact.cs#L40   <param name="principalIds"> Array of user or group identities in Azure Active Directory. The roleDefinition will apply to each identity.   I believe you could pass as below. ["542a15-2d7d-48f5-9542-bfe600a28bb1"] => value corresponds to the principal id of the user/group.   The same format is used in Blueprint Rest API as well. [...]" Is Pulumi using the Azure .net SDK in the backend?

Pulumi calls Azure REST API directly without any language SDK

Hm, I cannot open an issue on github (the button submit button is disable): This would be the bug description (if it is a bug): In the example "Create a RoleAssignmentArtifact Resource" in https://www.pulumi.com/docs/reference/pkg/azure-native/blueprint/roleassignmentartifact/ the principalIds does not accept a string nor an array of strings. ## Steps to reproduce 1. run the example from https://www.pulumi.com/docs/reference/pkg/azure-native/blueprint/roleassignmentartifact Expected: unknown Actual: azure-nativeblueprintRoleAssignmentArtifact resource 'roleAssignmentArtifact' has a problem: 'principalIds' should be of type '' but got an array error: azure-nativeblueprintRoleAssignmentArtifact resource 'roleAssignmentArtifact' has a problem: 'principalIds' should be of type '' but got a string Same with Javascript and .net Pulumi program

Please open the issue here https://github.com/pulumi/pulumi-azure-native/issues