This adds the ability to pass in a list of roles to be assigned to the managed identity user.
21 lines
699 B
HCL
21 lines
699 B
HCL
resource "azurerm_resource_group" "identity" {
|
|
name = "${var.name}-${var.environment}-${var.identity}"
|
|
location = var.region
|
|
}
|
|
|
|
resource "azurerm_user_assigned_identity" "identity" {
|
|
resource_group_name = azurerm_resource_group.identity.name
|
|
location = azurerm_resource_group.identity.location
|
|
|
|
name = "${var.name}-${var.environment}-${var.identity}"
|
|
}
|
|
|
|
data "azurerm_subscription" "primary" {}
|
|
|
|
resource "azurerm_role_assignment" "roles" {
|
|
count = length(var.roles)
|
|
scope = data.azurerm_subscription.primary.id
|
|
role_definition_name = var.roles[count.index]
|
|
principal_id = azurerm_user_assigned_identity.identity.principal_id
|
|
}
|