slawek/terraform-azurerm-simple-iam
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Enhance the module to allow multiple scope assignments.

Browse Source
This commit is contained in:
Sławek Koszewski
2026-02-23 21:05:08 +01:00
parent 7c641d5e5c
commit b20b9c4494
4 changed files with 77 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
outputs.tf
View File

@@ -1,14 +1,14 @@
output "role_assignment_ids" {
value = { for role, ra in azurerm_role_assignment.role : role => ra.id }
description = "IDs of unconditional role assignments, keyed by role definition name."
value = { for key, ra in azurerm_role_assignment.role : key => ra.id }
description = "IDs of unconditional role assignments, keyed by '${scope}:${role_definition_name}'."
}
output "rbac_admin_role_assignment_id" {
value = length(azurerm_role_assignment.rbac_admin) > 0 ? azurerm_role_assignment.rbac_admin[0].id : null
description = "ID of the constrained RBAC Administrator role assignment, or null when delegable_roles is empty."
value = { for scope, ra in azurerm_role_assignment.rbac_admin : scope => ra.id }
description = "IDs of constrained RBAC Administrator role assignments, keyed by scope. Empty when delegable_roles is empty."
}
output "rbac_admin_condition" {
value = length(azurerm_role_assignment.rbac_admin) > 0 ? local.rbac_admin_condition : null
description = "Rendered condition used for the constrained RBAC Administrator assignment, or null when not created."
value = length(var.delegable_roles) > 0 ? local.rbac_admin_condition : null
description = "Rendered condition used for constrained RBAC Administrator assignments, or null when delegable_roles is empty."
}