Terraform azurerm role definition with email address

Problem description

I am deploying resources to Azure with Terraform. I want to assign roles to AD users by using their email address. In the azurerm_role_assignment resource, only the object id of the user can be used. I have tried it with email but it logically fails.

# Role assignment as attempted: principal_id must be an object id, not an email address.
resource "azurerm_role_assignment" "example" {
  scope                = data.azurerm_subscription.primary.id
  role_definition_name = "Reader"
  principal_id         = data.azurerm_client_config.example.object_id
}

With Az PowerShell, the role can be assigned with the user's sign-in name: New-AzRoleAssignment -SignInName <userupn>.

Is there a way to do it with Terraform?

Tags: azure, terraform, azure-rm, azure-rbac

Solution


I have found the answer. The data azuread_users can be used as a solution:

# Look up the user by user principal name (UPN) in Azure AD; the data source
# returns the matching object ids in the same order as the UPNs requested.
data "azuread_users" "wvd_user" {
  user_principal_names = ["kat@hashicorp.com"]
}

# The data source name here must match the one declared above.
resource "azurerm_role_assignment" "rbac_wvd" {
  scope                = data.azurerm_subscription.primary.id
  role_definition_name = "Reader"
  principal_id         = data.azuread_users.wvd_user.object_ids[0]
}
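Extending the answer above to several users at once, as an added example that is not part of the original answer: the UPN-to-role map, the data source name `members` and the `by_upn` resource name are assumptions, and the `users` attribute of `azuread_users` (one object per resolved user, with `user_principal_name` and `object_id`) is relied on as documented in the azuread provider.

```hcl
terraform {
  required_providers {
    azurerm = { source = "hashicorp/azurerm" }
    azuread = { source = "hashicorp/azuread" }
  }
}

provider "azurerm" {
  features {}
}

provider "azuread" {}

# Constructed sample input: UPN => built-in role name (hypothetical values).
variable "user_roles" {
  type = map(string)
  default = {
    "kat@hashicorp.com" = "Reader"
    "alice@example.com" = "Contributor"
  }
}

data "azurerm_subscription" "primary" {}

# Resolve every UPN in one query. The default (ignore_missing = false) makes the
# plan fail on an unknown UPN, so a typo cannot silently drop an assignment.
data "azuread_users" "members" {
  user_principal_names = keys(var.user_roles)
}

locals {
  # Key by the UPN returned from Azure AD rather than by list position, and
  # lower-case both sides because UPN casing in the directory may differ.
  upn_to_object_id = {
    for u in data.azuread_users.members.users : lower(u.user_principal_name) => u.object_id
  }
}

# One assignment per map entry; each user is bound to exactly the role listed.
resource "azurerm_role_assignment" "by_upn" {
  for_each             = var.user_roles
  scope                = data.azurerm_subscription.primary.id
  role_definition_name = each.value
  principal_id         = local.upn_to_object_id[lower(each.key)]
}
```

Removing a user from the map destroys only that user's assignment on the next apply, which keeps the granted roles reviewable from the configuration alone.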
