Reverted multiple-scope support due to the complexity it introduced. Added the ability to restrict assignments to ServicePrincipal only.

2026-02-23 21:16:04 +01:00
parent b20b9c4494
commit 84faa4d027
4 changed files with 33 additions and 65 deletions


@@ -1,14 +1,10 @@
variable "scopes" {
type = list(string)
description = "Scope IDs at which to assign roles (subscription, resource group, resource, etc.)."
variable "scope" {
type = string
description = "Scope ID at which to assign roles (subscription, resource group, resource, etc.)."
validation {
condition = (
length(var.scopes) > 0 &&
alltrue([for scope in var.scopes : scope != null && trimspace(scope) != ""]) &&
length(distinct(var.scopes)) == length(var.scopes)
)
error_message = "scopes must be a non-empty list of unique, non-empty strings."
condition = var.scope != null && trimspace(var.scope) != ""
error_message = "scope must be a non-empty string."
}
}
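Review bot: The null guard in `condition = var.scope != null && trimspace(var.scope) != ""` only protects the `trimspace` call if the module's target Terraform version short-circuits `&&`; on versions that evaluate both operands, a null `scope` surfaces as a function-argument error rather than the intended `error_message`. Declaring `nullable = false` on the variable (available since Terraform 1.1) rejects null declaratively and lets the condition shrink to `condition = trimspace(var.scope) != ""`, which is the idiomatic form. The description could also state that the value is the full resource ID of the scope, since a bare name would pass validation but is not a valid assignment target; confirm against the consuming resource, which is outside this hunk.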
@@ -20,7 +16,7 @@ variable "principal_id" {
variable "roles" {
type = list(string)
default = []
description = "Unconditional role definition names to assign to principal_id at each scope in scopes."
description = "Unconditional role definition names to assign to principal_id at scope."
validation {
condition = length(distinct(var.roles)) == length(var.roles)