tag 1.0.2

TheSoftwareHouse · Nov 14, 2024 · 19ef740 · 19ef740
1 parent ec039a7
commit 19ef740
Show file tree

Hide file tree

Showing 11 changed files with 83 additions and 31 deletions.
diff --git a/README.md b/README.md
@@ -10,16 +10,16 @@ NOTE: Assigning the same role to the same user, group or service principal multi
 module "role_assignments" {
   source = "retoxx-dev/role-assignment/azurerm"
 
-  scope = azurerm_resource_group.this.id
-
   role_assignments = [
     {
       user_principal_names = ["[email protected]"]
       role_names           = ["Reader", "Web Plan Contributor"]
+      scope                = azurerm_resource_group.this.id
     },
     {
       user_principal_names = ["[email protected]", "[email protected]"]
       role_names           = ["Reader", "Owner"]
+      scope                = azurerm_resource_group.this.id
     }
   ]
 }
@@ -31,12 +31,11 @@ The role `Reader` will be assigned to `[email protected]` only once.
 module "role_assignments" {
   source = "retoxx-dev/role-assignment/azurerm"
 
-  scope = azurerm_resource_group.this.id
-
   role_assignments = [
     {
       user_principal_names = ["[email protected]", "[email protected]"]
       role_names           = ["Reader", "Web Plan Contributor"]
+      scope                = azurerm_resource_group.this.id
     }
   ]
 }
@@ -47,12 +46,11 @@ module "role_assignments" {
 module "role_assignments" {
   source = "retoxx-dev/role-assignment/azurerm"
 
-  scope = azurerm_resource_group.this.id
-
   role_assignments = [
     {
       group_names = ["group1", "group2", "group3"]
       role_names  = ["Reader", "Web Plan Contributor"]
+      scope       = azurerm_resource_group.this.id
     }
   ]
 }
@@ -63,12 +61,11 @@ module "role_assignments" {
 module "role_assignments" {
   source = "retoxx-dev/role-assignment/azurerm"
 
-  scope = azurerm_resource_group.this.id
-
   role_assignments = [
     {
       sp_names   = ["spname1", "spname2", "spname3"]
       role_names = ["Reader", "Web Plan Contributor"]
+      scope      = azurerm_resource_group.this.id
     }
   ]
 }
@@ -81,9 +78,9 @@ module "role_assignments" {
 
   role_assignments = [
     {
-      scope           = azurerm_resource_group.this.id
-      principal_ids   = ["spname1", "spname2", "spname3"]
+      principal_ids   = ["00000000-0000-0000-0000-000000000000"]
       role_names      = ["Reader", "Web Plan Contributor"]
+      scope           = azurerm_resource_group.this.id
     }
   ]
 }

diff --git a/examples/role_assignment_complete/main.tf b/examples/role_assignment_complete/main.tf
@@ -17,7 +17,6 @@ resource "azurerm_log_analytics_workspace" "this" {
 
 module "role_assignments" {
   source = "retoxx-dev/role-assignment/azurerm"
-  version = "1.0.1"
 
   role_assignments = [
     {

diff --git a/examples/role_assignment_for_groups/README.md b/examples/role_assignment_for_groups/README.md
@@ -19,7 +19,6 @@ resource "azurerm_resource_group" "this" {
 # Use the role assignments module to assign roles to groups
 module "role_assignments" {
   source  = "retoxx-dev/role-assignment/azurerm"
-  version = "0.1.0"
 
   role_assignments = [
     {

diff --git a/examples/role_assignment_for_groups/main.tf b/examples/role_assignment_for_groups/main.tf
@@ -8,8 +8,7 @@ resource "azurerm_resource_group" "this" {
 }
 
 module "role_assignments" {
-  source  = "retoxx-dev/role-assignment/azurerm"
-  version = "1.0.1"
+  source = "retoxx-dev/role-assignment/azurerm"
 
   role_assignments = [
     {

diff --git a/examples/role_assignment_for_identities/README.md b/examples/role_assignment_for_identities/README.md
@@ -0,0 +1,43 @@
+# Azure Role Assignment Module
+
+Terraform module that assigns `BUILT IN` IAM roles to groups, service principals and users.
+
+## Usage
+
+```hcl
+# Configure the Azure provider
+provider "azurerm" {
+  features {}
+}
+
+# Create a resource group to reference it in the role assignments module
+resource "azurerm_resource_group" "this" {
+  name     = "rg-terraform-northeu-001"
+  location = "northeurope"
+}
+
+# Use the role assignments module to assign roles to users
+module "role_assignments" {
+  source  = "retoxx-dev/role-assignment/azurerm"
+
+  role_assignments = [
+    {
+      scope                = azurerm_resource_group.this.id
+      user_principal_names = ["[email protected]", "[email protected]"]
+      role_names           = ["Reader", "Web Plan Contributor"]
+    }
+  ]
+}
+```
+
+## Terraform
+
+To run this example you need to execute:
+
+```bash
+terraform init
+terraform plan
+terraform apply
+```
+
+You can destroy created resources with `terraform destroy`.
diff --git a/examples/role_assignment_for_identities/main.tf b/examples/role_assignment_for_identities/main.tf
@@ -0,0 +1,26 @@
+provider "azurerm" {
+  features {}
+}
+
+resource "azurerm_resource_group" "this" {
+  name     = "rg-terraform-northeu-001"
+  location = "northeurope"
+}
+
+resource "azurerm_user_assigned_identity" "this" {
+  name                = "terraform-identity-001"
+  resource_group_name = azurerm_resource_group.this.name
+  location            = azurerm_resource_group.this.location
+}
+
+module "role_assignments" {
+  source = "retoxx-dev/role-assignment/azurerm"
+
+  role_assignments = [
+    {
+      scope         = azurerm_resource_group.this.id
+      principal_ids = [azurerm_user_assigned_identity.this.principal_id]
+      role_names    = ["Reader", "Web Plan Contributor"]
+    }
+  ]
+}
diff --git a/examples/role_assignment_for_service_principals/README.md b/examples/role_assignment_for_service_principals/README.md
@@ -19,7 +19,6 @@ resource "azurerm_resource_group" "this" {
 # Use the role assignments module to assign roles to service principals
 module "role_assignments" {
   source  = "retoxx-dev/role-assignment/azurerm"
-  version = "1.0.1"
 
   role_assignments = [
     {

diff --git a/examples/role_assignment_for_service_principals/main.tf b/examples/role_assignment_for_service_principals/main.tf
@@ -8,8 +8,7 @@ resource "azurerm_resource_group" "this" {
 }
 
 module "role_assignments" {
-  source  = "retoxx-dev/role-assignment/azurerm"
-  version = "1.0.1"
+  source = "retoxx-dev/role-assignment/azurerm"
 
   role_assignments = [
     {

diff --git a/examples/role_assignment_for_users/README.md b/examples/role_assignment_for_users/README.md
@@ -19,7 +19,6 @@ resource "azurerm_resource_group" "this" {
 # Use the role assignments module to assign roles to users
 module "role_assignments" {
   source  = "retoxx-dev/role-assignment/azurerm"
-  version = "1.0.1"
 
   role_assignments = [
     {

diff --git a/examples/role_assignment_for_users/main.tf b/examples/role_assignment_for_users/main.tf
@@ -8,8 +8,7 @@ resource "azurerm_resource_group" "this" {
 }
 
 module "role_assignments" {
-  source  = "retoxx-dev/role-assignment/azurerm"
-  version = "1.0.1"
+  source = "retoxx-dev/role-assignment/azurerm"
 
   role_assignments = [
     {

diff --git a/main.tf b/main.tf
@@ -75,16 +75,9 @@ resource "azurerm_role_assignment" "service_principals" {
 #################################################################
 
 resource "azurerm_role_assignment" "principal_ids" {
-  for_each = {
-    for combination in toset(local.role_principal_id_combinations) :
-    "${combination.role_name}-${combination.principal_id}" => {
-      role_name    = combination.role_name
-      principal_id = combination.principal_id
-      scope        = combination.scope
-    } if combination.principal_id != null
-  }
+  count = length(local.role_principal_id_combinations)
 
-  scope                = each.value.scope
-  principal_id         = each.value.principal_id
-  role_definition_name = each.value.role_name
+  scope                = local.role_principal_id_combinations[count.index].scope
+  principal_id         = local.role_principal_id_combinations[count.index].principal_id
+  role_definition_name = local.role_principal_id_combinations[count.index].role_name
 }