https://github.com/libre-devops/terraform-azurerm-custom-roles
Custom Roles module
https://github.com/libre-devops/terraform-azurerm-custom-roles
Last synced: 2 months ago
JSON representation
Custom Roles module
- Host: GitHub
- URL: https://github.com/libre-devops/terraform-azurerm-custom-roles
- Owner: libre-devops
- License: mit
- Created: 2023-02-07T20:44:54.000Z (about 2 years ago)
- Default Branch: main
- Last Pushed: 2023-02-13T01:57:32.000Z (about 2 years ago)
- Last Synced: 2024-12-26T16:12:13.481Z (4 months ago)
- Language: HCL
- Size: 20.5 KB
- Stars: 1
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
Awesome Lists containing this project
README
```hcl
module "roles" {
source = "registry.terraform.io/libre-devops/custom-roles/azurerm"
create_role = true
assign_role = true
roles = [
{
role_definition_name = "LibreDevOpsExample"
role_definition_description = "An example role"
role_definition_scope = "/subscriptions/${data.azurerm_client_config.current_creds.subscription_id}"
role_definition_permissions = [
{
actions = [
"Microsoft.Authorization/*/read",
]
}
]
role_assignment_name = "LibreDevOpsCustomRole"
role_assignment_description = "This is an example description for role assignment"
role_assignment_scope = "/subscriptions/${data.azurerm_client_config.current_creds.subscription_id}"
role_assignment_assignee_principal_id = data.azurerm_user_assigned_identity.mgmt_user_assigned_id.principal_id
}
]
}
```
## Requirements
No requirements.
## Providers
| Name | Version |
|------|---------|
| [azurerm](#provider\_azurerm) | n/a |
## Modules
No modules.
## Resources
| Name | Type |
|------|------|
| [azurerm_role_assignment.role_assignment_custom_role](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
| [azurerm_role_assignment.role_assignment_inbuilt_role](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
| [azurerm_role_definition.role_definitions](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_definition) | resource |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [assign\_role](#input\_assign\_role) | Whether or not a role should be assigned to a scope | `bool` | `true` | no |
| [create\_role](#input\_create\_role) | Whether a role definition should be created | `bool` | `false` | no |
| [roles](#input\_roles) | The object needed to create and assign custom roles |
list(object({
role_assignment_name = optional(string)
role_assignment_scope = optional(string)
role_assignment_assignee_principal_id = optional(string)
role_assignment_description = optional(string)
role_assignment_condition = optional(string)
role_assignment_condition_version = optional(number)
role_assignment_delegated_managed_identity_resource_id = optional(string)
role_definition_id = optional(string)
role_definition_name = optional(string)
role_definition_description = optional(string)
role_definition_scope = optional(string)
role_definition_assignable_scopes = optional(list(string), [])
role_definition_permissions = optional(list(object({
actions = optional(list(string), [])
not_actions = optional(list(string), [])
data_actions = optional(list(string), [])
not_data_actions = optional(list(string), [])
})), [])
})) | n/a | yes |
| [tags](#input\_tags) | A map of the tags to use on the resources that are deployed with this module. | `map(string)` | {
"source": "terraform"
} | no |
## Outputs
No outputs.