Added support for ABAC restricted roles.

This commit is contained in:
2026-02-27 16:15:23 +01:00
parent 04de6345d8
commit 6b6615b7d3
2 changed files with 46 additions and 7 deletions


@@ -27,7 +27,7 @@ variable "roles" {
variable "delegable_roles" {
type = list(string)
default = []
description = "Role definition names that RBAC Administrator is allowed to assign/delete via ABAC condition. When empty, RBAC Administrator assignment is not created."
description = "Role definition names that RBAC Administrator is allowed to assign/delete via ABAC condition."
validation {
condition = length(distinct(var.delegable_roles)) == length(var.delegable_roles)
@@ -35,6 +35,17 @@ variable "delegable_roles" {
}
}
variable "restricted_roles" {
type = list(string)
default = []
description = "Role definitions names that RBAC Administrator is not allowed to assign/delete via ABAC condition."
validation {
condition = length(distinct(var.restricted_roles)) == length(var.restricted_roles)
error_message = "restricted_roles must not contain duplicates."
}
}
variable "principal_type" {
type = string
default = "ServicePrincipal"
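Review bot: The new restricted_roles validation only rejects duplicates, so a role name listed in both delegable_roles and restricted_roles would reach the ABAC condition with conflicting intent and nothing in this hunk catches it. If the project's Terraform version allows a validation block to reference other variables, add a second validation with `condition = length(setintersection(var.delegable_roles, var.restricted_roles)) == 0` and `error_message = "restricted_roles must not overlap delegable_roles."`; otherwise enforce the same check with a precondition where the condition string is assembled. The description on the restricted_roles block reads "Role definitions names" where the sibling delegable_roles block says "Role definition names". What an empty restricted_roles list means for the generated condition (no deny clause at all, presumably) is worth stating in the description, since the file that builds the condition is not on this page.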